Iranian cryptocurrency exchange Nobitex suffered a significant security breach on June 18, resulting in the theft of an estimated $82 million in digital assets from its hot wallet infrastructure, according to an independent blockchain investigator and company statements.
The attack, attributed by crypto blockchain investigation outfit Zachxbt to the pro-Israel hacking group Gonjeshke Darande, targeted internal systems and a segment of the company’s hot wallets used for day-to-day transactions.
Among the stolen assets were $55 million in Tether (USDT), $6.72 million in Dogecoin (DOGE), $2.61 million in PEPE tokens, and $1.94 million in Bitcoin (BTC). Nobitex has since confirmed the breach and temporarily suspended all services while initiating an internal investigation and full security audit.
Exchange Confirms Incident, Claims User Funds Are Safe
In an official statement, Nobitex said the unauthorized access was detected early Wednesday, prompting the immediate isolation of compromised systems and the initiation of emergency protocols. The company stated that the affected funds were limited to its hot wallet, while the majority of user assets, held in cold storage, remained secure.
The exchange noted that an insurance fund and internal reserves would fully cover potential user losses from the hot wallet breach. Nobitex also said that users’ account data and balances are intact and backed up. The platform remains offline pending further investigation and recovery efforts.
Ongoing Investigation and Coordination with Authorities
Nobitex reported that it is working closely with Iranian authorities, including the Cyber Police unit (FATA), to determine the scope of the breach and pursue recovery options. As part of its response, Nobitex says it disconnected all affected servers, transferred remaining hot wallet assets to cold storage, and began validating server integrity.
While the exchange has not independently confirmed the identity of the attackers, the attribution to Gonjeshke Darande by Zachxbt suggests geopolitical dimensions to the incident. The group has been previously linked to other cyber operations with a political motive.
Nobitex has pledged to provide a full breakdown of the attack, a roadmap for restoring services, and instructions for users to access their assets once operations resume. Further updates are expected through the company’s official channels as the situation develops.
