A pro-Israel hacking group has claimed responsibility for draining the funds of Iran’s largest crypto exchange.
The hackers, who go by the name Gonjeshke Darande (Predatory Sparrow), used an unusual attack method on the Nobitex exchange that effectively destroyed around $100 million worth of cryptocurrency.
The group sent the stolen funds to vanity addresses that they are unable to access due to not holding the necessary cryptographic keys.
Rendering the funds unusable signals that it was politically-motivated, rather than a financially-motivated attack.
“The Nobitex exchange is at the heart of the regime’s efforts to finance terror worldwide, as well as being the regime’s favourite sanctions violation tool,” Predatory Sparrow wrote in a post to X.
“The regime’s dependence on Nobitex is evident from the fact that working at Nobitex is considered valid military service, as it is considered vital to the regime’s efforts.”
Nobitex has an estimated 11 million users, with research from crypto crime consultancy firm Elliptic noting that the exchange has been linked to the Iranian military and government figures in the past.
“Sending funds to vanity addresses for the purpose of removing them from circulation is not a type of attack we have observed before,” Arda Akartuna, lead crypto threat researcher at Elliptic, told The Independent.
“Even where political motivations may exist, hackers don’t typically forego the option of making money.”
Predatory Sparrow also claimed responsibility for a hack on Iran’s Bank Sepah this week, which they accused of helping fund Iran’s military. Previous targets for the group have included Iranian steel production facilities and petrol stations.
The latest attacks coincided with internet blackouts throughout Iran, which came partly as a response to persistent cyber threats.
Nobitex noted that there had been a “security incident” at its crypto exchange, but claimed that the situation was under control.
“Due to the simultaneous occurrence of national internet disruptions and emergency conditions, reaching our support team has become challenging,” Nobitex wrote in a statement.
“We once again emphasize that user assets are covered by the Nobitex Reserve Fund, and no user funds will be lost. We remain committed to ensuring the safety of your holdings and maintaining your trust.”
