Nobitex, the largest cryptocurrency exchange in Iran, has begun the gradual process of restoring services following a devastating $90 million exploit earlier in June 2025. The attack, reportedly carried out by a pro-Israel hacker group, has severely impacted the platform’s operations and user confidence.
Nobitex Reopens for Verified Users Only
According to a statement posted on X, Nobitex has reopened the platform on a limited basis, allowing access only to verified users. Deposits, withdrawals, and trading functions remain disabled, but the exchange noted that withdrawal services may resume starting Monday, June 30, depending on system stability and ongoing audits.
“Our timeline may change as we continue to prioritize user security,” Nobitex said in its update.
As part of the recovery process, Nobitex confirmed that it has migrated all user wallets to protect against further compromise. The exchange emphasized that deposits to old wallet addresses are no longer valid, urging users to follow updated instructions for future transactions.
Attack Linked to Geopolitical Tensions
The group claiming responsibility for the hack, Gonjeshke Darande, is widely believed to be affiliated with pro-Israel cyber operations. The group not only destroyed the stolen assets but also leaked parts of Nobitex’s source code, further compounding the platform’s vulnerabilities.
TRM Labs suggested that the hack may have been part of a broader intelligence operation, possibly aiding in the identification and arrest of Iranian agents in Israel who had allegedly received crypto payments via Nobitex.
Nobitex’s CEO, Amir Rad, maintains the company is a private entity with no ties to Iran’s government or military forces.
Nobitex Dominates Iran’s Crypto Sector
Despite the breach, Nobitex remains a key player in Iran’s crypto ecosystem, accounting for over $11 billion in total inflows—a volume greater than the next ten Iranian exchanges combined, according to blockchain analytics firm Chainalysis.
However, the firm has also reported that Nobitex has been linked to sanctioned Russian exchanges and entities tied to ransomware operations, including those affiliated with the Iranian Revolutionary Guard Corps (IRGC).
Security and Trust at Stake
As Nobitex works to restore full functionality, the incident raises significant questions about cybersecurity in high-risk jurisdictions, especially where geopolitics and crypto intersect. With global scrutiny intensifying, Nobitex’s ability to rebuild trust and secure its infrastructure will be crucial to its long-term survival and market dominance.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.