Original Author: ChandlerZ, Foresight News

As the comprehensive conflict between Israel and Iran continues to escalate, the cyber warfare front has quietly extended into the cryptocurrency domain. The mysterious hacker group Gonjeshke Darande (Persian for "Predatory Sparrow") claims to have launched a large-scale attack on Iran's largest cryptocurrency exchange, Nobitex, successfully obtaining its source code, internal network data, and customer asset data.

So far, nearly $82 million in cryptocurrency assets have been affected, most of which are stablecoins like USDT. Although Tether has the ability to freeze the suspected addresses, on-chain data shows that most of the funds remain in the original accounts, seemingly with no immediate plans for transfer or laundering. This "stagnation" behavior has been interpreted by the community as being more of a demonstration than an economic motive.

Nobitex, Iran's largest cryptocurrency exchange, stolen $81.7 million

On the afternoon of June 18, on-chain detective ZachXBT reported the "Theft of Iran's Cryptocurrency Exchange Nobitex" on his personal channel, stating that the current suspicious outflow of funds has increased from the previous $48.65 million to approximately $81.7 million, with outflows detected on Tron, Bitcoin, DOGE Chain, and EVM chains, involving multiple wallets associated with the exchange.

Nobitex tweeted that its technical team discovered signs of unauthorized access to some information infrastructure and hot wallets. Upon identifying the anomalies, they immediately cut off all access permissions, and the internal security team is currently conducting a detailed investigation into all aspects of the incident. Nobitex stated that user assets are protected according to cold storage standards and are in a completely secure state; this incident only affected a portion of hot wallet assets. Nobitex takes full responsibility for this incident, and all losses will be fully compensated through the insurance fund and Nobitex's own funds.

Until a comprehensive investigation is completed, access to the website and application will be temporarily closed. Further details will be announced after the investigation concludes.

Premium Wallets, Precision Strikes

Yuan Xian, founder of Slow Mist, further stated that Gonjeshke Darande is responsible for the hacking of the Iranian exchange Nobitex, and the hacker addresses are all premium numbers, with political intent outweighing the theft of at least $83 million in assets. A large amount of USDT continues to remain, presumably unafraid of freezing. The following are the hacker addresses:

• TKFuckiRGCTerroristsNoBiTEXy2r7mNX

• 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead

• 1FuckiRGCTerroristsNoBiTEXXXaAovLX

• DFuckiRGCTerroristsNoBiTEXXXWLW65t

Who is Gonjeshke Darande? A Fearsome National Team?

According to a post released by the organization on social media, the Nobitex exchange is at the core of the Iranian regime's funding of global terrorism and is the regime's favorite tool for violating sanctions. The hackers stated in their announcement: "Within 24 hours, we will publicly disclose Nobitex's source code, internal network structure, employee communication records, and other sensitive information. At that time, all assets still remaining on the platform will face irreversible risks."

The organization also claimed that some positions of Nobitex employees are "equated with military service," and their work is considered a "wartime position" contributing to national security.

On June 17, Gonjeshke Darande claimed to have successfully attacked and destroyed data from Iran's Sepah Bank, stating that this attack was retaliation for its military support actions. The Sepah Bank's official website is currently inaccessible, and its London-based subsidiary has not responded to this. Some users reported abnormal access to their accounts. Rob Joyce, former head of cybersecurity at the NSA, stated that such attacks could undermine public trust in the Iranian banking system, leading to far-reaching effects.

In 2022, Gonjeshke Darande also claimed responsibility for causing a fire at an Iranian steel mill, and in 2021, it led to the paralysis of gas stations across Iran. Although Gonjeshke Darande claims to be an independent hacker group, its advanced technology and precise political objectives have led security experts to widely believe that it is supported by powerful state forces, directly pointing to Israel's military intelligence unit, the famous Unit 8200. Of course, regarding such speculation, the Israeli government maintains a vague policy and has never officially acknowledged any connection with the organization.

A New Battlefield of Geopolitical Conflict

This attack on the cryptocurrency exchange comes as military conflicts between Israel and Iran reach a fever pitch. Unlike past "limited" frictions, the recent conflicts have lasted for weeks, with both sides showing a readiness for a major confrontation.

Traditional warfare is no longer limited to missile and gunfire clashes; cyberspace, financial systems, and even cryptocurrency assets are gradually becoming new frontlines in national competition. The continuous strikes by the Gonjeshke Darande organization against Iran's largest cryptocurrency exchange Nobitex and state-owned bank Sepah also reflect the spillover of war into the cryptocurrency domain. Attacking a leading exchange like Nobitex carries far greater strategic significance than attacking an ordinary commercial website.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。