Highlights:
- Iran has limited crypto exchange hours after the Nobitex hack to prevent overnight threats.
- Predatory Sparrow has claimed responsibility for the Nobitex breach.
- Nobitex has assured users that their funds are safe as the exchange moves assets from hot wallets to cold storage.
Iran’s Central Bank has restricted the operating hours of domestic cryptocurrency exchanges following a major breach at Nobitex. The new policy limits trading activity to the hours between 10 AM and 8 PM. This decision comes shortly after the country’s largest exchange reported a cyberattack that led to losses exceeding $100 million. Iranian authorities introduced the measure to help manage potential threats more efficiently and reduce the chances of overnight attacks.
NOW: Iran orders crypto exchange curfew (10 am–8 pm) after a $90–100M hack on @nobitexmarket, aimed at preventing capital flight and improving incident response. #Israel #IsraellranConflict #Iran #IranIsraelConflict pic.twitter.com/BQxF9sNLzQ
— Coin Headlines (@coinheadline) June 19, 2025
Chainalysis, a blockchain analysis firm, reported the development on Wednesday. Andrew Fierman, head of national security intelligence at Chainalysis, explained that controlling incidents is easier during daylight hours. He added that the government may also be trying to reduce the risk of capital flight during a period of heightened geopolitical tension. According to the report, the exploit on Nobitex took place early in the morning.
🚨Today, Iran's largest crypto exchange Nobitex was exploited for $90M+ across multiple cryptocurrencies. A pro-Israel group claimed responsibility, using burner addresses without private key access, suggesting political motivation. Read our blog to learn more:… pic.twitter.com/1M49QEEEha
— Chainalysis (@chainalysis) June 18, 2025
The attackers drained funds from the exchange’s hot wallets, which are internet-connected and therefore more exposed than offline storage. They stole Bitcoin, Ether, Dogecoin, XRP, Solana, TRON, and Toncoin. Chainalysis traced the stolen funds and found that the attackers had moved them to burner wallets. These are addresses without private key access, which makes the assets impossible to get back.
Pro-Israel Group Targets Nobitex in Politically Charged Strike
A hacker group called Gonjeshke Darande, also known as Predatory Sparrow, claimed responsibility for the incident. The group, which supports Israel, stated that the attack aimed to disrupt Iran’s financial operations rather than make a profit. This motive departs from earlier hacks, which tended to be financially motivated. Chainalysis indicated that this case was unique in its political aspect.
After the IRGC’s “Bank Sepah” comes the turn of Nobitex
WARNING! In 24 hours, we will release Nobitex's source code and internal information from their internal network.
Any assets that remain there after that point will be at risk! The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE
— Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025
Experts believe the group accessed Nobitex’s internal systems and quickly transferred funds to inaccessible locations. The use of burner wallets made the assets irrecoverable and showed the attackers did not act for financial gain. Instead, it looked like a direct move to cripple Iran’s digital infrastructure.
Nobitex is central to Iran’s crypto economy. According to a report by Chainalysis, the exchange has had more than $11 billion in total inflows. By contrast, the ten next-largest Iranian exchanges have received only about $7.5 billion. This makes Nobitex an essential gateway to international digital markets for Iranians.
Nobitex has also been connected with some controversial entities. These include Houthi networks in Yemen, Hamas-related networks, and ransomware groups believed to work with the IRGC. The exchange has also sent transactions to the Russia-based exchanges Bitpapa and Garantex, which the U.S. government has sanctioned. These links raise questions about the role the platform plays in global crypto activity.
Nobitex Responds to Crypto Hack with Wallet Security Measures
Nobitex issued a statement telling users that its team had brought the system under control after the crypto hack. Nevertheless, access to the platform remained limited because of the ongoing recovery. The team confirmed that it would use the Nobitex Reserve Fund to cover the losses. The exchange also began transferring assets from hot wallets to offline cold storage for added protection.
Follow-up on Nobitex Security Incident — June 18, 2025
As previously announced, on the morning of Wednesday, June 18, Nobitex detected unauthorized access to part of its infrastructure — specifically affecting internal communication systems and a segment of the hot wallet…
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
Nobitex warned users that internet disruptions could slow down access to the platform. Chainalysis observed that the exchange moved large amounts of Bitcoin to cold wallets shortly after the breach. Meanwhile, Gonjeshke Darande also claimed responsibility for a separate cyberattack on Bank Sepah. The bank is one of Iran’s largest state-owned financial institutions, and the back-to-back incidents have heightened concerns across Iran’s financial and digital sectors.