Iranian crypto exchange Nobitex said it was hit by a cyberattack that led to a theft from its hot wallet.

The platform, which serves over 10 million users, has taken its website and app offline indefinitely for investigation.

Public blockchain records indicate that at least US$90 million worth of cryptocurrency was stolen in multiple transactions.

Blockchain analysis firm Elliptic said that the stolen funds were transferred to inaccessible wallets, effectively removing them from circulation.

A hacking group called Predatory Sparrow claimed responsibility and accused Nobitex of aiding terrorism and bypassing sanctions.

The attack came days after the same group disrupted Bank Sepah’s ATMs, amid rising Iran-Israel cyber tensions.

.source-ref{font-size:0.85em;color:#666;display:block;margin-top:1em;}a.ask-tia-citation-link:hover{color:#11628d !important;background:#e9f6f5 !important;border-color:#11628d !important;text-decoration:none !important;}@media only screen and (min-width:768px){a.ask-tia-citation-link{font-size:11px !important;}}

🔗 Source: TechCruncn

🧠 Food for thought

1️⃣ Evolution of politically motivated cyber warfare: destruction over theft

The Nobitex attack represents a significant shift in hacker tactics from financial theft to deliberate destruction of assets, with Predatory Sparrow sending stolen funds to inaccessible “burner” wallets rather than attempting to profit from them 1.

This continues a pattern of destructive attacks by the same group, who previously caused physical damage to an Iranian steel mill and disabled gas station payment systems across Iran, showing an escalation in cyber operations that prioritize disruption over financial gain 2.

The attack follows a consistent targeting pattern by Predatory Sparrow against Iranian financial and industrial infrastructure since at least 2021, with claims of attacking entities that violate international sanctions or support terrorism 3.

Experts note that such destructive attacks that cause physical consequences are relatively rare in cyber warfare, highlighting the increasing willingness to use digital means to create real-world impacts in geopolitical conflicts 1.

2️⃣ Cryptocurrency exchanges face unique security vulnerabilities

Nobitex’s breach follows a troubling pattern for cryptocurrency exchanges, which face heightened security challenges due to their lack of centralized oversight compared to traditional financial institutions 4.

Research from three Asian universities shows that cyber attacks on crypto exchanges can trigger investor panic that spills over into broader financial markets, especially when attacks occur in succession, demonstrating how these incidents can have far-reaching economic impacts beyond just the immediate victims 4.

This attack highlights the particular vulnerability of exchanges operating in politically sensitive regions or under sanctions, where they may become targets not just for financially motivated criminals but also state-aligned actors with political agendas 5.

Unlike traditional financial institutions with established security protocols and government protections, crypto exchanges often struggle with security fundamentals while handling billions in assets, leaving them susceptible to sophisticated attacks by groups with nation-state resources 1.

3️⃣ Cyber operations increasingly mirror and extend physical conflicts

The timing of the Nobitex attack amid escalating military tensions between Israel and Iran demonstrates how cyber operations now run parallel to physical conflicts, creating a multi-domain battlefield 5.

Iranian state media acknowledged this dimension by describing the attack as part of a “massive cyber war” targeting digital infrastructure, recognizing cyber operations as a legitimate theater of conflict alongside conventional military actions 1.

The attack on Nobitex represents a financial dimension of conflict, targeting what the hackers claim are sanctions evasion mechanisms, demonstrating how cyber operations can enforce or counter international sanctions policies outside official channels 5.

This pattern echoes previous cyber conflicts, such as the 2017 WannaCry attack attributed to North Korea and the NotPetya attack linked to Russia against Ukraine, showing how cyber capabilities have become standard tools in international tensions 2.

……