On June 18, 2025, Nobitex, Iran's largest cryptocurrency exchange platform, suffered a major cyber attack in the early hours of the day, with some hot wallet assets being completely looted. A hacker group claiming to be "Gonjeshke Darande" (Predatory Sparrow), widely believed to be linked to Israel, has boldly claimed responsibility for the incident on social media and threatened to leak the exchange's source code within 24 hours.
This is not only a "Pearl Harbor" moment for Iran's crypto industry but also a dangerous signal: in the global geopolitical chessboard, crypto infrastructure is being used as a weapon for precision strikes, and the chain reaction could far exceed the survival of a single exchange.
The "Blitzkrieg" at Dawn: A Textbook Precision Strike
According to an emergency security notice released by Nobitex, the attack occurred in the early hours of June 18 local time. The hackers breached the platform's security defenses in a very short time, successfully accessing the hot wallet system used for processing daily transactions and quickly transferring an undetermined amount of crypto assets.
Although Nobitex immediately suspended all services and emphasized that the cold wallets (offline storage) holding the vast majority of the platform's total assets were safe, and promised to fully compensate affected users through an insurance fund, the panic in the market did not subside. The symbolic significance and psychological impact of this attack far outweigh the potential direct economic losses.
Even industry leaders in the region may be vulnerable in the face of national-level cyber attack forces.
“Predatory Sparrow”: A Ghost Hovering Over Tehran
“Gonjeshke Darande” is not an unknown entity. This mysterious hacker organization has become a sword of Damocles hanging over Iran's critical infrastructure in recent years. Its past "achievements" are alarming:
December 2023: Paralyzed 70% of Iran's nationwide gas station network.
2022: Launched an attack on Iranian steel mills, causing production disruptions.
June 17, 2025: Just a day before attacking Nobitex, the organization claimed to have inflicted a devastating blow on Iran's state-owned Bank Sepah, deleting its core data.
Each attack has precisely targeted the pain points of Iran's economy and people's livelihoods. The choice of Nobitex this time also reveals a clear strategic intent. In a statement on the X platform, the organization directly accused Nobitex of "providing financial support to the Iranian regime" and attempted to completely destroy its technical credibility by publicly releasing the source code.
Although Israeli officials have never acknowledged any connection to the organization, the complexity of its attack methods, the precision of its timing, and the strategic nature of its targets strongly point to the background of a state-level actor.
When Crypto Becomes the "Soft Spot" in Geopolitical Games
This incident must be interpreted against the backdrop of the rapidly deteriorating Iran-Israel conflict. As missiles and drones confront each other in the real world, cyberspace has become the "second battlefield" for both sides.
The existence of Nobitex itself carries a strong geopolitical color. Under severe financial sanctions from the West, it provides countless Iranian citizens and businesses with an alternative channel to bypass the traditional SWIFT system and participate in the global economy. It is not only Iran's largest crypto trading platform but also an important window for the country to counter financial blockades.
For this reason, it has also become a highly valuable "soft spot" in the eyes of its adversaries. Destroying Nobitex could not only cause direct economic losses but also psychologically undermine the Iranian people's confidence in "safe-haven assets," further impacting the already fragile domestic financial stability. As former NSA official Rob Joyce commented, "When a country's key financial institutions fall one after another, a systemic trust crisis is not far behind."
A Wake-Up Call for the Industry: How Far Are We from the "Next Theft"?
From Bybit being hacked for over $1.5 billion in February 2025 to the precise strike on Nobitex today, the security issues of crypto exchanges have once again come to the forefront. Although the separation of hot and cold wallets has become an industry standard, the online nature of hot wallets keeps them perpetually exposed to attackers.
The SlowMist security team has pointed out that social engineering, insider infiltration, supply chain attacks, and other methods make the defenses of exchanges far more vulnerable than imagined. Gonjeshke Darande even threatened to release the source code, suggesting they may have gained the highest level of access to the platform, a deep penetration that is fatal for any centralized service.
This incident sends a stern warning to all crypto users globally: the platform you trust may become a victim of geopolitical conflict at any time. The ultimate safety of assets may not depend on the platform's promises but rather on its position on the geopolitical chessboard.
Conclusion: The "New Normal" in a Decentralized World
The attack on Nobitex marks the arrival of a new era in the crypto world. In this era, code is law, but geopolitics is a higher law that supersedes code. From the ongoing plundering of DeFi protocols by North Korean hacker group Lazarus to the current precision strikes by "Predatory Sparrow" on centralized exchanges, the conflict between crypto assets and nation-states is becoming deeply intertwined.
The short-term market fluctuations may soon settle, but the shadow looming over the industry is growing ever darker. For investors, diversifying platform risks, embracing self-custody, and strengthening personal security measures are no longer options but essential survival rules.
In this increasingly intertwined digital and real world, protecting one's assets ultimately relies on oneself.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
