The cyberattack on Iranian crypto exchange Nobitex has escalated dramatically, as hacker group Gonjeshke Darande — also known as Predatory Sparrow — has publicly released what it claims is the exchange’s entire source code, compounding the already devastating breach.
Taking to Twitter on Thursday, the group posted: “Time’s up — full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.” The announcement was followed by an eight-part thread disclosing highly sensitive infrastructure details, including server layouts, privacy toolsets, and deployment frameworks — all of which could expose the platform’s remaining systems to further compromise.
This public leak comes on the heels of an already crippling hot wallet breach, which has reportedly led to over $100 million in stolen crypto assets. Prior to the latest disclosure, the hackers claimed to have burned $90 million worth of funds across multiple blockchains. They say the assets were transferred to vanity addresses — customized wallet addresses with no recoverable private keys — rendering them permanently unrecoverable.
Nobitex, which earlier acknowledged the breach, confirmed in a public statement that its internal investigation revealed the scope of the attack to be “far more complex” than initially assumed. The company noted that its incident response has been hampered by ongoing national tensions, referencing the Israel–Iran conflict as a key factor influencing the crisis.
As Iran’s largest crypto exchange and a critical node in its digital economy, Nobitex’s downfall marks a significant blow to the nation’s crypto infrastructure. The attackers have described the platform as a “favorite sanctions violations tool,” suggesting the hack was politically motivated retaliation.
In the wake of the breach, Iranian authorities have imposed a new curfew on all domestic cryptocurrency exchanges, restricting their operations to between 10 a.m. and 8 p.m. local time, in an effort to contain further fallout and enhance oversight.
As of now, user withdrawals remain partially frozen, and it is unclear if the exchange will be able to resume full operations in the coming weeks.
For ongoing updates on crypto cybersecurity and blockchain regulation, visit TheCoinInfo.
