Monday, 25 May 2026
Iranian crypto exchange suffers $90 million loss in major hack
A prominent anti-Iranian hacker collective, believed to have possible Israeli connections, announced on Wednesday that it had targeted one of Iran’s largest cryptocurrency exchanges, resulting in the destruction of nearly $90 million and threatening to leak the platform’s source code.
The group, called Gonjeshke Darande or “Predatory Sparrow,” claimed responsibility for the attack—its second major operation in just two days, Reuters reported.
On Tuesday, the hackers said they wiped data from Iran’s state-owned Bank Sepah, amid escalating hostilities and missile exchanges between Israel and Iran.
The latest breach focused on Nobitex, a leading crypto exchange in Iran. According to statements posted on the hackers’ social media channels, Nobitex is allegedly used by the Iranian government to bypass sanctions and support illicit activities worldwide.
By Wednesday, Nobitex’s website was offline. Inquiries sent to the company’s Telegram support channel remained unanswered, and Gonjeshke Darande did not reply to requests for comment.
In a post on X, Nobitex confirmed it had taken down its web and app platforms after detecting “unauthorized access” to its systems.
Gonjeshke Darande is an established cybercrime group noted for its sophisticated operations against Iranian infrastructure. In 2021, it disrupted gas stations across Iran; in 2022, it targeted an Iranian steel mill, sparking a significant fire and causing substantial real-world damage.
Though Israel has never officially claimed ties to the group, Israeli outlets have frequently described Gonjeshke Darande as “Israel-linked.”
According to TRM Labs, the cyber assault began early Wednesday, with hackers transferring funds from Nobitex into wallets that denounced Iran’s Islamic Revolutionary Guard Corps (IRGC). The firm estimated the losses at around $90 million in various cryptocurrencies.
Elliptic, a blockchain analysis company, noted that the wallets were deliberately set up so the hackers themselves could not access the stolen assets, essentially “burning” the funds to deliver a political message to Nobitex.
Elliptic also shared evidence suggesting that Nobitex had conducted transactions with crypto wallets controlled by groups hostile to Israel, naming organizations such as Palestinian Islamic Jihad, Hamas, and Yemen’s Houthis.
Concerns over Nobitex’s potential role in helping Iran circumvent international sanctions had previously been raised by U.S. Senators Elizabeth Warren and Angus King in a letter sent to senior Biden administration officials in May 2024, referencing a 2022 Reuters investigation.