Latest news with #GonjeshkeDarande
Yahoo
14 hours ago
- Business
- Yahoo
Crypto's Worst Six Months Yet? North Korea Hacks Lead to $2.1B in Thefts
Crypto investors lost over $2.1 billion to hacks and exploits in the first half of 2025, marking the worst six-month period on record for crypto security and an indication of some nation-states intensifying their cyber campaigns in the crypto space. The 75 recorded incidents exceeded the previous H1 high from 2022 by roughly 10% and nearly match the entire 2024 total, a TRM Labs report released Friday said.

What is raising alarms, though, is who is doing a major part of the stealing. Researchers say North Korean-linked groups are responsible for $1.6 billion, or 70% of all stolen funds this year. At the center of the surge is the $1.5 billion Bybit hack in February, now believed to have been carried out by North Korea, marking the largest crypto theft in history and skewing the year's average hack size to $30 million — or double last year's levels.

The threat isn't limited to Pyongyang. On June 18, a group believed to be linked to Israel, Gonjeshke Darande (Predatory Sparrow), stole $90 million from Iranian exchange Nobitex, reportedly in retaliation for the platform's alleged role in sanction evasion. The stolen funds were sent to vanity addresses (which are un-spendable by design, and tokens sent to them are deemed burnt), suggesting a political motive over profit.

Attack vectors are evolving fast. Over 80% of stolen funds stemmed from infrastructure-level breaches, including private key thefts and front-end hijacks. These attacks, often involving social engineering or insider access, are proving to be ten times more lucrative than traditional smart contract exploits. DeFi vulnerabilities, including flash loan and reentrancy attacks, which were prevalent in 2021-22, accounted for a relatively small 12% of the losses.


The Guardian
5 days ago
- Politics
- The Guardian
Tech in the Iran-Israel conflict: internet blackout, crypto burning and home camera spying
The war between Israel and Iran, though largely a fight of fighter planes, drones and bombs, is erupting in the digital realm as well. Both countries have long histories with digital warfare. The particular focus of the current conflict, Iran's nuclear program, was the target of one of the first cyberweapons meant to cause physical destruction, the sophisticated worm Stuxnet. Iran, clearly fearful of an online Israeli incursion, imposed a near-total internet blackout early last week. My colleague Johana Bhuiyan reports: Cybersecurity company Cloudflare assessed that internet traffic levels in Iran 'are now ~97% below where they were at the same time a week ago'. Severed internet connectivity has led to a troubling lack of access to information for everyday Iranians as their country descends into conflict. The reduction in internet speeds comes after an anti-Iranian government hacking group with potential ties to Israel claimed that it hacked Iran's state-owned Bank Sepah. Fatemeh Mohajerani, a spokesperson for Iran's government, said on Twitter/X that officials in Tehran had restricted internet access to ward off additional cyberattacks. On Wednesday, Iran's fears came to fruition. My colleague Dan Milmo reports: An Israel-linked hacking group has claimed responsibility for a $90m (£67m) heist on an Iranian cryptocurrency exchange. The group known as Gonjeshke Darande, Farsi for Predatory Sparrow, said on Wednesday it had hacked the Nobitex exchange, a day after claiming it had destroyed data at Iran's state-owned Bank Sepah. Elliptic, a consultancy specialising in crypto-related crime, said it had so far identified more than $90m in cryptocurrency sent from Nobitex crypto wallets to hacker addresses. The hackers appear to have in effect 'burned' those funds, rendering them inaccessible by storing them in 'vanity addresses' for which they do not have the cryptographic keys, Elliptic said. 
Iran has attempted to retaliate, but as with the wider war, it seems that Israeli attacks have been more successful and damaging. Israeli officials warned the country's residents that Iran is hijacking home security cameras that are connected to the internet to gather real-time intelligence on the ground, Bloomberg reports. Security professionals say hackers for Hamas and Russia have done the same. Home cameras may be a new front in the waging of war, but disrupting them does not seem as powerful as disrupting a central bank, as Israel has done. Late Friday, Iran seemed to lift the internet blackout for some citizens, the New York Times reported, though even those who could access limited online services believed their connections were temporary.

PornHub, widely estimated to be the most-visited site for pornographic content in the world, returned to France on Friday after a three-week blackout. The site's owner, Aylo, had rescinded access to the site in protest of a new French law demanding adult websites verify users' ages with a credit card or identification document. PornHub drew a line in the sand on the issue and revoked access for a market of nearly 70 million rather than implement an age gate. Since then, a French court has suspended the law while it considers compliance with the European Union's constitution, and so Pornhub is back online. But the quarrel between Paris and PornHub is the latest front in the debate over online age verification, which is heating to a boil across the globe. The issue sits at the intersection of two driving forces of internet regulation that often conflict: keeping children safe online and preserving both privacy and freedom of expression. It's an area where lawmakers have been uncharacteristically prone to action, even in the US, where tech regulation is often as hands off as can be. More than 20 states now have age verification laws on the books. PornHub has made itself unavailable in 17 of them.
Texas, the second-most populous state in the US with 31m people, is the highest-profile example. The state legislature there passed a law requiring an ID to visit PornHub in September 2023. In March of the following year, the site went dark in the state, greeting would-be visitors with a banner calling the law 'ineffective, haphazard, and dangerous'. In Louisiana, which has imposed age verification laws, PornHub is still available, but it has seen traffic there decline by 80%, which it attributes to the barrier of the ID requirement. The US supreme court heard arguments in January over whether these laws infringe on the constitutional right to free speech. Research into the laws in the US has found that they are not effective in their stated goal. Online search data showed that people in states with age verification laws sought out porn sites that did not comply with local laws so as to circumvent the age gates as well as virtual private networks to hide their locations from internet providers.

The other battlefields over age verification concern social media bans for underage users. Australia, which has passed a law banning under-16s from social media, has been testing different technologies with which to enforce its prohibition but found them lacking. The UK is the next frontier in the fight. The UK's system for verifying ages to keep pornography away from children, a provision of the Online Safety Act, will take effect in July. Will London be the next Paris or the next Texas?

Last week, Donald Trump debuted a mobile phone branded with his family name – 'T1' etched into the gold case alongside an American flag – with a listed price of $500 and a pledge that it would be 'proudly designed and built in the United States'. Specifically in Alabama, California and Florida. Its monthly service plan will cost $47.45.
The Trump phone will struggle to live up to those promises. Its makers have to abide by the same market forces as other phonemakers. Both cheap labor and electronics expertise reside in China. They do not in the US. There's a reason Apple's phones are labeled 'Designed in California' – to take advantage of the cachet and appeal of the US without suffering its labor costs. Looking ahead, experts predict that Trump's own tariffs could cause the price of smartphones to spike by double or even triple digits. The electronics supply chain in the US is nowhere near developed enough to assemble a phone entirely domestically. Analysts at investment bank UBS warned in April that the price of an iPhone 16 Pro Max with 256GB of storage could rise by 79% from $1,199 to about $2,150, based on a total tariff of 145%. Apple itself seemed to concur with those assessments when it flew some $2bn worth of iPhones into the US before the tariffs on China went into effect.

There is already an example of a phone assembled – but not entirely made – in the US, the Liberty Phone. It costs nearly four times what Trump promises his will, nearly $2000. The Liberty Phone sources its motherboard from the US but still requires screens, batteries and cameras manufactured overseas, according to a Wall Street Journal interview with the CEO of Purism, which manufactures the device. Its operating system can only run basic apps such as a calculator and a web browser because it runs on PureOS, software of the company's own making, per the Journal. The specs on the Liberty Phone are worse than Trump's T1, though the price is higher, making the president's device even less likely to appear on the market as announced. Some of the promised technical capabilities of the T1 would best those of the top-of-the-line iPhones, which cost nearly double what Trump has promised. The Verge put together a good list of which Chinese companies might manufacture the phone for Trump to white label.
Eric Trump, who is co-leading the venture with his brother Donald Jr, has acknowledged that the first batch of T1 phones will not be made in the US. 'Eventually, all the phones can be built in the United States of America,' Eric Trump said last week. We'll see.


Daily Maverick
5 days ago
- Business
- Daily Maverick
Hackers hit Iran's largest cryptocurrency exchange, while global crypto markets tumble after US bombing
At the intersection of geopolitics and cryptocurrency, a sophisticated cyberattack on Iran's financial infrastructure has reverberated through global crypto markets, offering sobering lessons for regulators worldwide. In what appears to be one of the most politically motivated cryptocurrency heists in history, the pro-Israel hacker group Gonjeshke Darande (Predatory Sparrow) infiltrated Iran's largest crypto exchange, Nobitex, making off with between R1.5-billion and R1.8-billion in bitcoin, ethereum, dogecoin, XRP and solana.

But here's the twist: it wasn't about the money. Instead, the hackers 'burned' the stolen cryptocurrency, permanently removing it from circulation by sending it to inaccessible wallet addresses — a digital equivalent of setting cash on fire. The attackers used provocative 'vanity addresses' containing explicit anti-terrorist messages, making their political motivations crystal clear.

After the IRGC's 'Bank Sepah' comes the turn of Nobitex WARNING! In 24 hours, we will release Nobitex's source code and internal information from their internal network. Any assets that remain there after that point will be at risk! The Nobitex exchange is at the heart of the… — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025

'Unlike typical hacks for financial gain, the intent here appears to have been politically motivated, aiming to take funds away from the regime,' according to an analysis of the incident. The same group also claimed responsibility for simultaneously destroying data at Iran's state-owned Bank Sepah, which they accused of funding Iran's military. The sophistication of these attacks has led security experts to suggest they're beyond the capabilities of typical activist hackers and more in line with nation-state operations.

Iran's crypto curfew response

Iran's central bank responded by imposing strict operating hours on domestic crypto exchanges, limiting them to 10am-8pm daily.
This 'crypto curfew' appears designed to prevent capital flight during periods of high geopolitical tension and assert greater control over citizens' cross-border cryptocurrency transactions. It's not the first time Iran has flexed its regulatory muscles over crypto. In December, the central bank temporarily shut down all exchanges to prevent the national currency, the rial, from depreciating further. The timing couldn't be worse for Iranian crypto users. Chainalysis notes that Nobitex plays a critical role in Iran's crypto ecosystem, processing more than R200-billion in total inflows, significantly more than the next 10 largest Iranian exchanges combined. For Iranian users cut off from traditional finance due to international sanctions, it serves as a crucial gateway to global crypto markets.

Lessons for Africa

When national currencies face devaluation due to economic instability or sanctions, cryptocurrencies and stablecoins can serve as stores of value. This is particularly relevant in African countries experiencing high inflation or currency instability. Unlike traditional financial systems that can be easily shut down or restricted by governments, cryptocurrency networks operate across borders and are more difficult to completely block, though governments can still restrict access to exchanges and on-ramps. Iran's crypto curfew shows how quickly governments can impose restrictions during crises. This uncertainty can affect market access and asset values. The key is staying informed about local regulations, using reputable exchanges with strong security practices, and understanding that while cryptocurrency can provide financial flexibility during uncertain times, it's not immune to geopolitical shocks and market volatility.

Global market meltdown

The crypto market's reaction to escalating Middle East tensions has been swift and brutal.
Following US airstrikes on Iranian nuclear facilities and President Donald Trump's hints at potential regime change, global cryptocurrency markets shed more than R20-billion in liquidations within 24 hours. Bitcoin crashed below the six-figure mark for the first time in 45 days. Ethereum plummeted to its lowest price since May, while solana dropped by 8%. The Block's GMCI30 index, tracking the top 30 cryptocurrencies, slid by nearly 10% over the week, with smaller altcoins faring even worse — small caps plunged by 17% and AI-linked tokens plummeted by 20%. Perhaps most tellingly, Iran's parliament urged leaders to consider closing the Strait of Hormuz, a crucial artery for global oil shipments. While Iran has never successfully closed the strait, the mere threat rattled markets and highlighted how quickly geopolitical tensions can spill over into financial markets. The selloff challenges the narrative of bitcoin as a 'safe haven' asset during geopolitical uncertainty. Instead of flocking to crypto, traders opted to cash out, suggesting that fear temporarily outweighed any safe haven appeal.

African lessons in regulatory balance

The Iranian situation offers valuable lessons for African regulators grappling with how to approach cryptocurrency regulation. Sub-Saharan Africa has the world's highest rate of stablecoin adoption at 9.3%, with Nigeria ranking as the world's second-largest adopter of digital assets. But the Nobitex hack serves as a reminder of the cybersecurity risks associated with centralised exchanges. African countries and exchanges need robust security protocols, regular audits, and clear incident response plans to protect user funds and maintain trust. Perhaps most importantly, the Iranian situation demonstrates the dangers of regulatory ambiguity. Iran's central bank warnings conflict with the pervasive use of crypto in the country, creating uncertainty that can be exploited by bad actors or lead to poorly designed reactive policies.


Coin Geek
20-06-2025
- Business
- Coin Geek
Pro-Israel hackers steal $90M from Iranian exchange: report
A pro-Israel hacking collective has made off with $90 million worth of digital assets in a hack on Nobitex, an Iranian exchange. The group, known as Gonjeshke Darande (which is Farsi for 'Predatory Sparrow'), took responsibility for the attack in posts on X. The group followed up by releasing Nobitex's source code and warning that all assets remaining with the exchange were at risk. 'The Nobitex exchange is at the heart of the regime's efforts to finance terror around the world,' claimed Gonjeshke Darande in an X post. 'Nobitex does not even hide the fact that it circumvents sanctions, but rather explicitly teaches this on its website. The regime's dependence on this exchange is so great that working at Nobitex is considered an alternative to military service, as this channel is vital to the regime.' According to the group, the trove includes $48.7 million in USDT, $6.7 million in Dogecoin, and $1.9 million in BTC. Notably, the group claimed it had 'burned' the stolen funds by sending them to addresses with no known keys, effectively destroying the hoard. Blockchain investigator Elliptic corroborates this, finding funds began flowing from Nobitex to addresses containing variations of the term 'F*ckIRGCTerrorists' on the morning of the attack. Earlier this week, the group took responsibility for another hack that destroyed data at Iran's state-owned bank Sepah, saying that it was an institution that 'circumvented international sanctions and used the people of Iran's money to finance the regime's terrorist proxies, its ballistic missile program and its military nuclear program.' However, the group has a longer history of targeting Iran. An attack in 2023 apparently shut down 70% of the gas stations in Iran. In 2022, they claimed credit for a fire that broke out in an Iranian steel mill in a rare instance of physical damage resulting directly from a hacking attack.
Gonjeshke Darande's claims about Nobitex are hardly controversial. Next to North Korea, Iran is regularly named in the context of digital assets' role in helping states blunt or avoid international sanctions. A series of reports from Reuters in 2022 accused Binance of helping Iranian nationals to make $8 billion worth of digital asset transactions in violation of international sanctions, with most of the funds flowing straight to Nobitex. Iranian officials have openly advocated for using digital assets to get around sanctions, and Western-based companies—including Kraken—have been stung by regulators looking to punish entities who aid in sanctions evasion by processing transactions from Iran.

Though the regime's ability to secure financing appears to be the hack's ultimate target, the funds taken from the exchange undoubtedly belonged to many individuals inside and outside Iran who have now lost access to their assets. Indeed, posts on the topic are flooded by ostensibly Iranian X accounts begging for their funds to be returned. Assuming Gonjeshke Darande sent the assets to wallets it had no access to, traditional wisdom would dictate that the funds are lost forever. However, there is growing recognition that individuals might be able to use the courts to force the return of their stolen assets so long as they can prove ownership. Services like Token Recovery have cropped up that make such recovery their business model. Whether anyone with assets held on Nobitex will successfully recover their funds remains to be seen. Given how much of the stolen assets are USD stablecoins, the dollars underlying each one are still held by their issuers, notwithstanding the hackers burning the coins themselves, which may make for an interesting avenue of redress for anyone affected.
LeMonde
20-06-2025
- Politics
- LeMonde
Who is Gonjeshke Darande, the group behind the cyberattack targeting Sepah Bank in Iran?
While missiles and bombs have flown between Israel and Iran since the large-scale attack launched by Israel on Friday, June 13, the conflict has also extended into cyberspace. On Tuesday, June 17, the group Gonjeshke Darande ("Predatory Sparrow" in Farsi) claimed responsibility for a cyberattack against Sepah Bank, one of the country's largest financial institutions. 24 hours later, on its Telegram channel, the group announced it had targeted Nobitex, the main cryptocurrency exchange platform in Iran, which Gonjeshke Darande described as "a key tool for the regime to finance terrorism and circumvent sanctions." While the group reportedly stole and made disappear as much as $90 million from Nobitex, the full impact of the attack on Sepah Bank has not been completely confirmed. However, the claim is credible, as Gonjeshke Darande has already demonstrated its ability to damage Iranian interests. Although some of its malicious software had been used as early as 2019 against Iranian interests in Syria, the group emerged publicly in summer 2021, when it claimed responsibility for two major operations. The first such operation targeted the Iranian railways, delaying trains and disrupting station activity; the hackers even altered information screens to display the phone number of the office of Supreme Leader Ali Khamenei. The following day, the website of the Ministry of Transport was hit by another cyberattack. "Our goal with this attack was to express our disgust at the abuses and cruelty inflicted by the government on the Iranian nation," the group wrote on its Telegram channel at the time.