- Trending
- Comments
- Latest
The hackers who stole $100 million from Iranian crypto giant Nobitex have made good on their promise, dumping the exchange’s entire source code online just one day after their initial attack.
The group Gonjeshke Darande (“Predatory Sparrow”), known for its pro-Israel cyber operations, published the Nobitex source code on dark web forums early Wednesday, exactly as threatened in their original ransom note.
The Nobitex source code leak came barely 24 hours after the group’s public threat to release sensitive data from Iran’s largest crypto exchange.
On Thursday, they followed through, posting links to the exchange’s entire backend framework, including its privacy mechanisms, blockchain scripts, and server directories.
At the heart of the breach lies a politically charged narrative. According to Yehor Rudytsia, blockchain security researcher at Hacken, the nature of the attack strongly suggests ideological motives.
“On EVM chains, the stolen assets—over 20 different tokens—were routed to clean burner addresses. This wasn’t your average heist. It’s a statement,” Rudytsia told Cointelegraph.
Gonjeshke Darande stated they specifically targeted Nobitex for its alleged ties to the Iranian regime and its role in “violating international sanctions.”
The hack coincided with the fifth day of renewed military conflict between Israel and Iran, suggesting a clear link between geopolitics and cyberwarfare.
Perhaps the most explosive element of this breach isn’t just the Nobitex source code being exposed, but the group’s claim that they burned $90 million of stolen crypto.
“Eight burn addresses incinerated $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex,” the group posted on X (formerly Twitter).
They accompanied the post with blockchain evidence of transactions leading to unspendable addresses, effectively removing the assets from circulation permanently.
The act of releasing the Nobitex source code now raises serious questions about future risks. With internal documentation, server architecture, and security procedures now accessible to the public (and potentially hostile entities), experts fear this could open the door to further exploits.
In an official statement Thursday, Nobitex confirmed that no additional financial losses occurred following the initial attack. The platform also said it plans to restore partial services within five days.
However, Nobitex acknowledged that ongoing internet disruptions caused by Iran’s domestic crisis have hampered efforts. The exchange is also under pressure to reassure its users, many of whom are anxiously waiting for a promised video address from CEO Amir Rad.
Meanwhile, the central bank of Iran has reportedly responded with new restrictions, introducing curfews on crypto exchange operating hours from 10 a.m. to 8 p.m., according to reports from Chainalysis.
Experts warn that the leak of the Nobitex source code may create a blueprint for future attacks, not just on Nobitex, but on other exchanges with similar architecture or shared infrastructure.
“Once source code is public, it’s like opening a window to every potential vulnerability. Bad actors will be dissecting it for months,” said Jake Moore, Global Cybersecurity Advisor at ESET, in a comment to Decrypt.
With trust in the platform shaken and the source code circulating online, the road to full recovery for Nobitex could be long and painful. The real danger now lies in how many more crypto exchanges might be targeted using the insights gained from this massive code exposure.
The Nobitex source code leak doesn’t just signify a financial or operational threat—it marks another chapter in the weaponization of blockchain amid international hostilities.
Iran and Israel have long battled for dominance in the digital sphere, and this incident shows how cryptocurrency exchanges can become battlegrounds for political expression, retaliation, and economic sabotage.
Copyright © 2025 - The Bit Gazette.
