Update, June 18, 8:01 am UTC: This article has been updated to take a piece on Gonjeshke.
Update June 18, 8:49 a.m. UTC: This article has been updated to contain the newest numbers and quotes from Cyvers.
According to the Onchain investigator ZachxBT, the Nobitex cryptocurrency exchange, based in Iran, was hacked for greater than $ 81 million in digital assets.
The attack, which was announced in a telegram post on Wednesday, rejected no less than $ 81.7 million of assets in the whole Tron Network and Ethenum Virtual Machin (EVM) compatible blockchains.
ZachxBT discovered attackers with a “vanity address” to benefit from the protocol, which led to “suspicious drains” of several letters linked to Nobitex.
A conceit address refers to a public item of things with a particular, custom string. The first 49 million US dollars were stolen by the address “TKFuckirgcTerroristSnobitexy2r7mnx”. According to Tronscan, the second used address was “0xffffffffffffffffffffffffffffffffffffffffffk”.
Attacker wallet “Kfucki”. Source: Tronscan
Nobitex confirmed that a few of his hot wallets saw signs of an “non -authorized access” and was immediately “suspended” in the course of the discovery.
“The users' assets are completely secure based on the cold storage standards, and the above incident only influenced an element of the assets in hot wallets,” said Nobitex in an X -Post and added that “all damage by the insurance fund and Nobitex resources are compensated.”
The Nobitex Exploit “appears to be because of a critical failure of access controls, in order that attackers can infiltrate internal systems and drain hot wallets over several blockchains.
“Surprisingly, the stolen funds remain untouched,” said Unal.
The violation adds a growing list of crypto industry hacks in 2025. According to Blockchain Security Certik, greater than 2.1 billion dollars of digital assets were stolen this 12 months this 12 months.
“The majority of this 2.1 billion US dollars were brought on by articles of time, necessary mismanagement and operational problems,” Ronghui GU, co-founder of Certik, told CoinTelegraph in the course of the Daily X Spaces chain response on June 2.
He added that social engineering fraud, equivalent to address poisoning, is now more common than hacks on the protocol level. These attacks are based on psychological manipulations to make users transfer assets to fraudulent wallets.
Pro-Israel Hacker Group claims responsibility
A professional-Israeli hacker group, which calls itself “Gonjeshke”, has taken responsibility for the Nobitex hack.
In a post on X, the group announced that it will publish the source code and the Exchange's internal files inside 24 hours, and warns that each one remaining assets are “in danger” on the platform.
“The Nobitex exchange is the main focus of the regime's efforts to finance terror worldwide, in addition to the preferred tool for the regime's sanctions,” the group wrote.
“The dependency of the Nobitex regime may be seen from the proven fact that the work at Nobitex is thought to be a sound military service, since that is of crucial importance for the regime's efforts,” said the group and asked the user to “take measures before it is simply too late”.
The hack on the exchange comes in the midst of the fifth day of the renewed conflict between Israel and Iran and throws fear of a broader regional war.
On June 13, Israel in Iran began several strikes for destinations and marked his biggest attack on the country because the Iran Irak War within the Eighties. Since then, the 2 countries have involved strategic rocket strikes against one another, which led to 224 deaths reported in Iran and 24 reported deaths in Israel.
