Iran’s largest crypto exchange, Nobitex, was the second target, exploited by a pro-Israeli hacktivist group identified as Predatory Sparrow. The cyberattacks compromised the exchange’s hot wallet and reporting infrastructure, resulting in losses of over $48 million, some X users claimed.
The company confirmed the attack via an X post on June 18, stating that it had identified unauthorized access but had managed to isolate the affected systems, adding that all user funds were safe.
As a precautionary measure, the exchange suspended access to the platform’s web and mobile apps. It also assured users that their losses would be fully covered through their insurance fund and internal reserves. Blockchain investigator ZachXBT reported that the stolen funds were in Tether’s USDT, transferred through the Tron network.
The pro-Israeli group that calls itself Gonjeshke Darande, which translates to “Predatory Sparrow, claimed responsibility for the cyberattack, adding that they believe that the “exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool.”
The group threatened to release Nobitex’s internal source code and data within 24 hours, warning users that any assets left on the platform after that time would be at risk. Just a day before, the group also claimed responsibility for a major cyberattack on Iran’s state-owned Bank Sepah, which is controlled by the Islamic Revolutionary Guard Corps (IRGC).
Then, the hackers claimed that the bank was used to ‘circumvent international sanctions and was using the people of Iran’s money to finance the regime’s terrorist proxies’. They claimed to have destroyed data at the bank, leaving many customers unable to access their accounts.
The cyberattacks come as an extension to the on-going bombing that Iran and Israel are engaged in, after Israel first began targeting nuclear energy facilities, military bases in Trehan on June 13, 2025.
