Latest news with #Elliptic
NDTV
15 hours ago
- Business
- NDTV
Pro-Israel Hackers Steal $90 Million In Iranian Crypto Heist, Then Lose All
A pro-Israel hacking group on Wednesday drained over $90 million worth of cryptocurrency from an Iranian exchange. But multiple crypto tracking firms believe that Gonjeshke Darande, or 'Predatory Sparrow' in Farsi, lost all of the proceeds from the heist after reportedly 'burning' them in the process. The funds are now inaccessible after they were stored in 'vanity addresses' for which they do not have the cryptographic keys, The Guardian reported. On June 18, the group said it hacked the Nobitex exchange, a day after claiming they destroyed data at Iran's state-owned Bank Sepah amid escalating tensions between Israel and the Islamic Republic. Cryptocurrencies such as Doge, Ethereum and Bitcoin were taken from digital wallets on the Iranian exchange Nobitex, which has been connected to the Islamic Revolutionary Guard Corps. According to crypto tracking firm Elliptic, over $90 million in cryptocurrency was transferred from Nobitex crypto wallets to hacker addresses. The stolen funds were routed to addresses containing some variation of the term 'F*ckIRGCterrorists'. In a social media post on X, Predatory Sparrow confirmed that it had targeted Nobitex and later released its source code. 'Predatory Sparrow would not have the private keys for the crypto addresses they sent the Nobitex funds to, and have effectively burned the funds in order to send Nobitex a political message,' Elliptic said. Predatory Sparrow is frequently reported in Israeli media as having Israeli connections, although there has been no official proof of the hackers' identity or nationality. 'Although there is no confirmation yet that the funds were moved by Predatory Sparrow, the hack appears to be motivated by the recent escalation of tensions between Israel and Iran,' Elliptic added. Nobitex claims to have over 7 million users and is Iran's main cryptocurrency exchange. Past investigations by independent reporters have revealed linkages between Nobitex and IRGC-linked ransomware operatives and individuals close to Iran's Supreme Leader, Ali Khamenei. The attack occurred amid growing tensions between Israel and Iran, with the two countries exchanging missile strikes, targeting crucial military installations. On Thursday, the US said it would wait for another two weeks before getting directly involved in the conflict, while Russia warned Israel against targeting the Bushehr nuclear power plant. Earlier, President Donald Trump said his patience was running out with Iran. He issued threats to Supreme Leader Ayatollah Ali Khamenei, who then hit back, saying any intervention from the US would result in 'irreparable damage.'
Coin Geek
16 hours ago
- Business
- Coin Geek
Pro-Israel hackers steal $90M from Iranian exchange: report
Getting your Trinity Audio player ready... A pro-Israel hacking collective has made off with $90 million worth of digital assets in a hack on Nobitex, an Iranian exchange. The group, known as Gonjeshke Darande (which is Farsi for 'Predatory Sparrow'), took responsibility for the attack in posts on X. The group followed up by releasing Nobitex's source code and warning that all assets remaining with the exchange were at risk. 'The Nobitex exchange is at the heart of the regime's efforts to finance terror around the world,' claimed Gonjeshke Darande in an X post. 'Nobitex does not even hide the fact that it circumvents sanctions, but rather explicitly teaches this on its website. The regime's dependence on this exchange is so great that working at Nobitex is considered an alternative to military service, as this channel is vital to the regime.' According to the group, the trove includes $48.7 million in USDT, $6.7 million in Dogecoin, and $1.9 million in BTC. Notably, the group claimed it had 'burned' the stolen funds by sending them to addresses with no known keys, effectively destroying the hoard. Blockchain investigator Elliptic corroborates this, finding funds began flowing from Nobitex to addresses containing variations of the term 'F*ckIRGCTerrorists' on the morning of the attack. Earlier this week, the group took responsibility for another hack that destroyed data at Iran's state-owned bank Sepah, saying that it was an institution that 'circumvented international sanctions and used the people of Iran's money to finance the regime's terrorist proxies, its ballistic missile program and its military nuclear program.' However, the group has a longer history of targeting Iran. An attack in 2023 apparently shut down 70% of the gas stations in Iran. In 2022, they claimed credit for a fire that broke out in an Iranian steel mill in a rare instance of physical damage resulting directly from a hacking attack. Gonjeshke Darande's claims about Nobitex are hardly controversial. Next to North Korea, the country is regularly named in the context of digital assets' role in helping states blunt or avoid international sanctions. A series of reports from Reuters in 2022 accused Binance of helping Iranian nationals to make $8 billion worth of digital asset transactions in violation of international sanctions, with most of the funds flowing straight to Nobitex. Iranian officials have openly advocated for using digital assets to get around sanctions, and Western-based companies—including Kraken—have been stung by regulators looking to punish entities who aid in sanctions evasion by processing transactions from Iran. Though the regime's ability to secure financing appears to be the hack's ultimate target, the funds taken from the exchange undoubtedly belonged to many individuals inside and outside Iran who have now lost access to their assets. Indeed, posts on the topic are flooded by ostensibly Iranian X accounts begging for their funds to be returned. Assuming Gonjeshke Darande sent the assets to wallets it had no access to; traditional wisdom would dictate that the funds are lost forever. However, there is growing recognition that individuals might be able to use the courts to force the return of their stolen assets so long as they can prove ownership. Services like Token Recovery have cropped up who make such recovery their business model. Whether anyone with assets held on Nobitex will successfully recover their funds remains to be seen. Given how much of the stolen assets are USD stablecoins, the dollars underlying each one are still held by their issuers, notwithstanding the hackers burning the coins themselves, which may make for an interesting avenue of redress for anyone affected. Watch: Here's how Triple Entry Accounting guarantees trust in accounting title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="">
India.com
18 hours ago
- Business
- India.com
Israel Iran war: Israel set to cripple Iran financially, wipes out Rs 7813185012 in one stroke by…, Here's how it happened
Hackers believed to be connected to Israel have stolen more than USD 90 million from Iran's largest cryptocurrency exchange, Nobitex. The company confirmed that it was hit by a cyberattack. According to a post on their official X (formerly Twitter) account, both the Nobitex app and website were down while they were checking the damage from the unauthorized access. The stolen money included several types of cryptocurrencies like Bitcoin, Ethereum, Dogecoin, and others. Hackers claim responsibility Some blockchain investigation firms shared that a group came forward on Thursday and claimed responsibility for the hack. They also said they had leaked the full source code of Nobitex. In a message posted on their Telegram channel, the hackers wrote, 'Whatever was left at Nobitex is now public. Their security system is broken.' Advertisement === Traced to political messages According to a blog post by Elliptic, a blockchain analytics company, the stolen funds were sent to crypto addresses that had messages written against Iran's Revolutionary Guard (IRGC). These messages suggest that the attack may have had a political motive too and not just financial. The incident has raised serious questions about cybersecurity in Iran's financial tech space and shows how crypto platforms can become targets during larger geopolitical tensions. Advertisement === Hackers Target Iran's Nobitex to send a political message The hackers who recently stole millions from Iran's biggest crypto exchange, Nobitex, said their goal was not to make money. Instead, they claimed the hack was meant to send a political message. The stolen funds were moved into wallets that seemed designed to embarrass Nobitex and criticize Iran's government. Who are the hackers? The attack was carried out by a hacker group named Gonjeshke Darande, which means 'Predator Bird' in Persian. This group blamed Nobitex for helping Iran's government avoid Western sanctions. They also accused the exchange of secretly moving money to support Iran's fast-growing nuclear program. The group is believed to be linked to Israel, but the Israeli government has never officially admitted to having any ties with them. A political statement, not a heist Security experts believe this was not a money-driven hack. The choice of wallets and the messages left behind show that the real goal was to expose and shame Iran's use of crypto for political and nuclear purposes.
Wall Street Journal
a day ago
- Business
- Wall Street Journal
Iranian Crypto Exchange Hacked, More Than $90 Million Taken
Iran's largest cryptocurrency exchange was drained of more than $90 million on Wednesday, with a pro-Israel hacking group claiming responsibility, according to a blockchain analysis firm. The cyberattack on the exchange, Nobitex, appeared motivated by the ongoing hostilities between Israel and Iran, blockchain analysis firm Elliptic said in a blog post. Elliptic said the hack had been carried out by Gonjeshke Darande, or 'Predatory Sparrow,' which claimed responsibility for an attack on Iran's Bank Sepah earlier this week. A post on an X account associated with Gonjeshke Darande overnight said the exchange's source code would be released in 24 hours and that assets in the exchange would be vulnerable. Elliptic founder Tom Robinson said the claim was credible.
Arabian Post
a day ago
- Business
- Arabian Post
Predatory Sparrow Claims Wipeout of $90 Million in Nobitex Hack
Hackers claiming affiliation with Predatory Sparrow, possibly linked to Israel, have executed a cyber‑strike against Nobitex, Iran's leading cryptocurrency exchange, erasing approximately $90 million worth of digital assets. The assault began in the early hours of 18 June 2025, when the group transferred diverse cryptocurrencies—including Bitcoin, Ethereum and Dogecoin—into vanishing crypto‑wallets designed without private keys, effectively 'burning' the funds to send a deliberate political message. Blockchain analytics firms, including Elliptic and TRM Labs, analysed the transactions and found the emptied addresses bore anti‑IRGC messages, confirming the operation was ideologically motivated rather than financially driven. Elliptic noted that the assets were moved into vanity addresses with embedded slogans denouncing the IRGC, and that the group leaking the funds would not retain the keys, ensuring permanent loss. Noble objective remains politically charged ADVERTISEMENT The group, using its Farsi‑named moniker Gonjeshke Darande—or 'Predatory Sparrow'—publicly accused Nobitex of facilitating Iran's sanctions evasion and funding militant groups, claiming the platform had enabled transactions for IRGC‑linked factions such as Hamas and Yemen's Houthis. Elliptic has traced past ties between Nobitex and IRGC‑affiliated actors, including sanctioned individuals like Amir Hossein Niakeen Ravari and Ahmad Khatibi Aghada. The hack comes amid heightened Israel‑Iran tensions. Reports indicate that Predatory Sparrow also targeted Iran's state‑owned Bank Sepah on 17 June, triggering widespread service disruption, including to ATMs and fuel stations. Analysts interpret these cyber‑operations as extensions of conventional military retaliations between the two nations. Nobitex disruptions raise alarm Nobitex admitted to unauthorised access affecting both its app and website, temporarily shutting services while conducting assessments. Public updates from the exchange have been sparse, and customer inquiries have reportedly gone unanswered. Plans to recover or rebuild lost assets remain unclear, raising concerns among its claimed user base of over 7 million. Despite accusations, Israel has not officially claimed responsibility. Media speculation within the country suggests government backing, but no formal confirmation has been issued. Predatory Sparrow, noted for previous impactful operations—from collapsing gas station networks in 2021 to prompting major fires at a steel mill in 2022—added this attack to its growing list of cyber engagements against Iranian infrastructure. Impact and implications for crypto ecosystem Cyber‑security analysts have labelled the hack 'particularly significant given the comparatively modest size of Iran's cryptocurrency market,' with Chainalysis intelligence chief Andrew Fierman underscoring the political overtones. The operation exemplifies how digital currencies and blockchain platforms are becoming tactical assets and vulnerabilities within geopolitical conflicts. U.S. legislators, including Senators Elizabeth Warren and Angus King, previously raised concerns over Nobitex's facilitation of sanctions avoidance, highlighting its role in enabling Iran's IRGC and related proxies to move financial resources. This attack may intensify scrutiny on crypto exchanges suspected of abetting questionable transactions in sanctioned jurisdictions. Decline of Iran's crypto defences Crypto adoption in Iran has long served as a hedge against economic instability, with citizens and state‑linked groups alike using digital currencies to escape inflationary pressures and circumvent banking restrictions. Nobitex, in particular, developed significant traction, drawing millions of users seeking alternative financial tools. However, analysts warn this sabotage could erode investor trust, disrupt public confidence in digital assets, and invite heightened regulatory oversight. Exchanges in politically sensitive regions may now face new security standards and sanctions compliance demands. A new frontier in cyber‑warfare This development underlines a shift where cyber‑warfare transcends state boundaries, now targeting third‑party financial networks with tangible consequences. By obliterating rather than stealing funds, Predatory Sparrow signalled that its operation aimed to disrupt Iran's crypto‑financing rather than profit from it. Officials tracking these patterns warn that similar tactics may emerge as cyber‑tools of statecraft evolve, affecting financial systems across volatile regions. Experts suggest exchanges handling high‑risk jurisdictions should shore up defences and improve transparency around asset provenance and network resilience. As Nobitex works to restore functionality, regulators, crypto stakeholders and intelligence services will closely examine the incident. The breach draws attention to the critical role of exchanges in global geopolitics, raising complex questions about neutrality, compliance and cybersecurity in an increasingly fraught digital economy.
