Latest news with #Nobitex


Crypto Insight
4 days ago
- Business
- Crypto Insight
Indian crypto exchange CoinDCX hacked, $44 million drained
Indian cryptocurrency exchange CoinDCX was hacked on Friday, leaving the exchange drained of $44 million. The hackers compromised one of CoinDCX's internal accounts used for 'liquidity provisions' with another exchange through a server breach. No user funds were affected due to the exploit, according to CoinDCX CEO Sumit Gupta. The CEO also said that all customer funds remain safe and wrote: 'The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us, from our own treasury reserves.'

'The attacker's address was funded with 1 Ether from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum,' onchain sleuth ZachXBT said. Cointelegraph reached out to CoinDCX for comment but was unable to obtain a response by the time of publication.

Analyst Infinity Hedge noted that popular Indian exchange WazirX was hacked for $235 million on this exact date, one year ago — a reminder of the persistent cybersecurity threats facing the crypto industry and investors.

Other crypto exchanges that fell prey to hackers in the last month

Iranian exchange Nobitex was hacked for $100 million on June 18 in a politically-motivated attack by a pro-Israel hacker group calling itself 'Gonjeshke Darande.' After stealing $100 million in the initial hack, the group leaked the source code for the exchange online, further exposing users of the crypto platform.

GMX V1, a version of the GMX Protocol perpetual exchange operating on the Arbitrum blockchain network, suffered a cybersecurity exploit on July 9, with the hacker making away with $40 million. However, the hacker returned the stolen funds several days later, accepting a $5 million white hat bounty in return for the $40 million in crypto.

Decentralized finance (DeFi) platform Arcadia Finance was the target of a smart contract exploit on Tuesday, leading to $3.5 million in crypto drained by the threat actor.


Mint
29-06-2025
- Business
- Mint
How Israel-aligned hackers hobbled Iran's financial system
While Israel and the U.S. were bombing Iran's nuclear sites, another battlefield emerged behind the scenes: the financial infrastructure that keeps Tehran connected to the world.

Israeli authorities, and a pro-Israeli hacking group called Predatory Sparrow, targeted financial organizations that Iranians use to move money and sidestep the U.S.-led economic blockade, according to Israeli officials and other people familiar with the efforts. U.S. sanctions, imposed off-and-on for decades due to Tehran's nuclear program and support for Islamist groups, have aimed to cut Iran off from the international financial system.

Predatory Sparrow, which operates anonymously and posts updates of its activities on X, said this past week that it crippled Iran's state-owned Bank Sepah, which services Iran's armed forces and helps them pay suppliers abroad, knocking out its online banking services and cash machines. Iranian state media acknowledged the damage.

The group also breached Nobitex, Iran's largest cryptocurrency exchange, popular with locals for transferring money overseas. The hackers extracted about $100 million in funds and forced the platform to shut down, according to the exchange.

Iran's government pulled the plug on much of the country's online activities to prevent further attacks and keep a lid on dissent. Non-Iranian websites were blocked. Citizens were warned against using foreign phones or messaging platforms that it claimed could collect audio and location data for Israeli spies. Government officials were banned from using laptops and smartwatches.

Predatory Sparrow said the two hacks were directed against the 'financial lifelines' of the Islamic Revolutionary Guard Corps, the most powerful faction of Iran's military that also controls swaths of the economy. 'Noble people of Iran! Withdraw your funds before it is too late,' it tweeted.

Both targeted companies remain hobbled. Nobitex said it faced serious challenges in restoring services and was aiming to relaunch trading this coming week. Some Bank Sepah users say online they still aren't receiving deposits.

The group didn't say if it was acting on behalf of Israeli authorities. 'The group's sophistication, target selection and geopolitical messaging fit the profile of an Israel-aligned, state-sponsored cyber actor,' said Deddy Lavid, chief executive of Cyvers, a Tel Aviv-based cybersecurity firm. Predatory Sparrow didn't respond to requests for comment sent to the administrator of its Telegram group.

The cyberattacks hit an economy already battered by U.S. sanctions that bar the purchase of Iran's oil or interactions with its banks. Iran's economy is highly dependent on a select few trading partners, notably China. Annual inflation runs above 40%, according to the World Bank. A constant flight of skilled workers has also throttled Iran's economic growth.

Israel confirmed a cease-fire with Iran on Tuesday. But cybersecurity experts and Israeli officials expect the cyberwarfare to continue. 'Israel will likely keep launching precision cyberstrikes against the regime's power centers,' said Lavid.

Officials at Israel's National Bureau for Counter-Terror Financing said they didn't have information on links between Predatory Sparrow and Israeli authorities. They said Israel was broadly targeting the economic infrastructure that allowed Iran to finance its military and proxies, imposing sanctions earlier this month on its central bank and other banks used by the IRGC. The NBCTF, which is overseen by the defense ministry, plans to issue orders to exchanges outside Iran to help it seize more of Nobitex's crypto holdings. It has identified a further $150 million in funds held by Nobitex, the officials said.

Pro-Iran cyber groups have hit back, targeting Israeli government websites with denial-of-service attacks, in which hackers aim to overwhelm computers that route internet traffic with a flood of requests, and sending phishing messages to Israelis in a bid to compromise their phones. The Israel National Cyber Directorate said Iran's cyberattacks hadn't caused damage in recent weeks.

Paranoia swept through the Iranian population as the attacks, both physical and cyber, mounted. 'It's better to cut [the internet] off. Israel can see everything,' said Mohammad Ghorbaniyan, a Tehran-based money changer whom the U.S. sanctioned several years ago for allegedly aiding Iranian hackers, an accusation he denies.

The Bank Sepah hack last Tuesday halted payments, including salaries owed to military retirees, according to Fars News Agency, which is controlled by the IRGC. Many of its cash machines stopped working. The U.S. Treasury Department said last year that Bank Sepah, which has branches on Iranian military bases, helps Iran's defense ministry pay foreign suppliers via a sprawling shadow-banking network.

Nobitex went offline the next day. The Tehran-based crypto exchange has processed transactions in excess of about $22 billion for users since its 2017 launch, according to blockchain research firms and the officials from Israel's NBCTF. 'This attack had political motives to create emotional distress and damage the Iranian people's property,' Nobitex's chief executive, Amir Rad, said in a video posted on its Telegram channel.

As in Russia and other countries cut off from international finance, cryptocurrencies, in particular dollar-pegged stablecoins such as tether, have emerged as a vital workaround in Iran, providing a medium through which users can shift money between local and foreign banks. Nobitex's 11 million customers use the platform to swap Iranian rials for tether, which they can convert into other traditional currencies abroad. Rad has said on his LinkedIn account that Nobitex's goal is to allow Iranians to trade crypto despite 'the shadow of sanctions.'

'Nobitex has been the main option for the Iranians to skip the sanctions,' said Amit Levin, a former Israeli prosecutor and ex-investigator at the Binance crypto exchange who now advises companies on financial-crime compliance.

The Islamic Revolutionary Guard Corps had also turned to Nobitex for international payments, according to the Israeli officials and blockchain researchers. Crypto analytics firm Elliptic has found that two IRGC operatives, whom the U.S. accused of conducting ransomware attacks on American companies, used Nobitex to make transfers. Rad said he didn't believe that the IRGC was moving money through Nobitex because he operated a transparent platform that was closely monitored.

Predatory Sparrow has been wreaking havoc on Iran since at least 2021. In earlier hacks, the group disabled gas-station payment systems across the country and triggered a fire at an Iranian steel plant.

For their operation against Nobitex, the hackers managed to obtain the keys for the exchange's cryptocurrency wallets, which were held by key personnel within the company, said Rad. Predatory Sparrow then 'burned' the stolen $100 million by sending the tokens to other digital wallets the group itself couldn't access. These wallets' addresses, which are made up of long strings of numbers and letters, contained profane phrases like 'F—IRGCterrorists.'

Nobitex's initial investigation into the breach indicated that Israel's government had likely supported it, Rad said, though he declined to provide proof of his claim. He said Nobitex was a private, independent company with no affiliation to the Iranian state, including the IRGC.

Write to Angus Berwick at


Daily Maverick
23-06-2025
- Business
- Daily Maverick
Hackers hit Iran's largest cryptocurrency exchange, while global crypto markets tumble after US bombing
At the intersection of geopolitics and cryptocurrency, a sophisticated cyberattack on Iran's financial infrastructure has reverberated through global crypto markets, offering sobering lessons for regulators worldwide.

In what appears to be one of the most politically motivated cryptocurrency heists in history, the pro-Israel hacker group Gonjeshke Darande (Predatory Sparrow) infiltrated Iran's largest crypto exchange, Nobitex, making off with between R1.5-billion and R1.8-billion in bitcoin, ethereum, dogecoin, XRP and solana.

But here's the twist: it wasn't about the money. Instead, the hackers 'burned' the stolen cryptocurrency, permanently removing it from circulation by sending it to inaccessible wallet addresses — a digital equivalent of setting cash on fire. The attackers used provocative 'vanity addresses' containing explicit anti-terrorist messages, making their political motivations crystal clear.

After the IRGC's 'Bank Sepah' comes the turn of Nobitex WARNING! In 24 hours, we will release Nobitex's source code and internal information from their internal network. Any assets that remain there after that point will be at risk! The Nobitex exchange is at the heart of the… — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025

'Unlike typical hacks for financial gain, the intent here appears to have been politically motivated, aiming to take funds away from the regime,' according to an analysis of the incident.

The same group also claimed responsibility for simultaneously destroying data at Iran's state-owned Bank Sepah, which they accused of funding Iran's military. The sophistication of these attacks has led security experts to suggest they're beyond the capabilities of typical activist hackers and more in line with nation-state operations.

Iran's crypto curfew response

Iran's central bank responded by imposing strict operating hours on domestic crypto exchanges, limiting them to 10am-8pm daily. This 'crypto curfew' appears designed to prevent capital flight during periods of high geopolitical tension and assert greater control over citizens' cross-border cryptocurrency transactions.

It's not the first time Iran has flexed its regulatory muscles over crypto. In December, the central bank temporarily shut down all exchanges to prevent the national currency, the rial, from depreciating further.

The timing couldn't be worse for Iranian crypto users. Chainalysis notes that Nobitex plays a critical role in Iran's crypto ecosystem, processing more than R200-billion in total inflows, significantly more than the next 10 largest Iranian exchanges combined. For Iranian users cut off from traditional finance due to international sanctions, it serves as a crucial gateway to global crypto markets.

Lessons for Africa

When national currencies face devaluation due to economic instability or sanctions, cryptocurrencies and stablecoins can serve as stores of value. This is particularly relevant in African countries experiencing high inflation or currency instability.

Unlike traditional financial systems that can be easily shut down or restricted by governments, cryptocurrency networks operate across borders and are more difficult to completely block, though governments can still restrict access to exchanges and on-ramps.

Iran's crypto curfew shows how quickly governments can impose restrictions during crises. This uncertainty can affect market access and asset values. The key is staying informed about local regulations, using reputable exchanges with strong security practices, and understanding that while cryptocurrency can provide financial flexibility during uncertain times, it's not immune to geopolitical shocks and market volatility.

Global market meltdown

The crypto market's reaction to escalating Middle East tensions has been swift and brutal. Following US airstrikes on Iranian nuclear facilities and President Donald Trump's hints at potential regime change, global cryptocurrency markets shed more than R20-billion in liquidations within 24 hours.

Bitcoin crashed below the six-figure mark for the first time in 45 days. Ethereum plummeted to its lowest price since May, while solana dropped by 8%. The Block's GMCI30 index, tracking the top 30 cryptocurrencies, slid by nearly 10% over the week, with smaller altcoins faring even worse — small caps plunged by 17% and AI-linked tokens plummeted by 20%.

Perhaps most tellingly, Iran's parliament urged leaders to consider closing the Strait of Hormuz, a crucial artery for global oil shipments. While Iran has never successfully closed the strait, the mere threat rattled markets and highlighted how quickly geopolitical tensions can spill over into financial markets.

The selloff challenges the narrative of bitcoin as a 'safe haven' asset during geopolitical uncertainty. Instead of flocking to crypto, traders opted to cash out, suggesting that fear temporarily outweighed any safe haven appeal.

African lessons in regulatory balance

The Iranian situation offers valuable lessons for African regulators grappling with how to approach cryptocurrency regulation. Sub-Saharan Africa has the world's highest rate of stablecoin adoption at 9.3%, with Nigeria ranking as the world's second-largest adopter of digital assets.

But the Nobitex hack serves as a reminder of the cybersecurity risks associated with centralised exchanges. African countries and exchanges need robust security protocols, regular audits, and clear incident response plans to protect user funds and maintain trust.

Perhaps most importantly, the Iranian situation demonstrates the dangers of regulatory ambiguity. Iran's central bank warnings conflict with the pervasive use of crypto in the country, creating uncertainty that can be exploited by bad actors or lead to poorly designed reactive policies. DM


The Hill
23-06-2025
- Politics
- The Hill
Iranian-aligned hackers claim responsibility for Truth Social cyberattack
Hackers aligned with Iran have claimed responsibility for a cyberattack on President Trump's Truth Social platform, according to the cyber nonprofit Center for Internet Security (CIS). The Iran-aligned hacking group 313 Team took credit for a distributed denial of service (DDoS) attack on Truth Social within hours of U.S. strikes on several Iranian nuclear facilities Saturday, a CIS spokesperson confirmed.

Truth Social reportedly saw a surge in reports of problems Saturday night, shortly after Trump posted on the site about the 'very successful attack' on the nuclear sites Fordow, Natanz and Esfahan, Wired reported.

The hack comes as cyberattacks have ramped up amid increasing tensions between Iran, Israel and the U.S. Iran and Israel have volleyed attacks back and forth in recent weeks following Tel Aviv's surprise attack on Tehran's nuclear facilities.

An Israel-linked hacking group took responsibility for cyberattacks against Iran's largest crypto exchange last week, transferring more than $90 million out of Nobitex wallets, according to the blockchain analytics firm Elliptic. However, the hackers likely did not have the private keys to access the addresses where the stolen funds were sent, meaning they were effectively destroyed.

The Nobitex hack came one day after the group, known as Gonjeshke Darande or Predatory Sparrow, also claimed responsibility for the hack of a state-owned Iranian bank.


WIRED
21-06-2025
- Politics
- WIRED
Israel Says Iran Is Hacking Security Cameras for Spying
Amid Israeli airstrikes this week and the imminent threat of further escalations by the United States, Iran started severely limiting internet connectivity for its citizens, limiting Iranians' access to crucial information and intentionally pushing them toward domestic apps that may not be secure. Meanwhile, the Israel-tied hacking group known as Predatory Sparrow is waging cyberwar on Iran's financial system, attacking Iran's Sepah Bank and destroying more than $90 million in cryptocurrency held by the Iranian crypto exchange Nobitex.

With the US still reeling from last weekend's violent shooting spree in Minnesota targeting Democratic state lawmakers and their families, an FBI affidavit indicates that the suspected shooter allegedly used data broker sites to find targets' addresses and potentially other personal information about them. The finding highlights the potential dangers of widely available personal data.

This week, WIRED published its How to Win a Fight package, which includes our roundup of tools for tracking the Trump administration's attacks on civil liberties, plus the most up-to-date versions of our guides to protecting yourself from government surveillance, protesting safely in the age of surveillance, and protecting yourself from phone searches at the US Border. While you're at it, don't forget to print your own copy of the How to Win a Fight zine! Better yet, print two and leave one at your local coffee shop or library.

And there's more. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Israeli officials said this week that Iran is compromising private security cameras around Israel to conduct espionage as the two countries exchange missile strikes after an initial Israeli barrage. A former Israeli cybersecurity official warned on public radio this week that Israelis should confirm that their home security cameras are protected by strong passwords or shut them down. 'We know that in the past two or three days, the Iranians have been trying to connect to cameras to understand what happened and where their missiles hit to improve their precision,' Refael Franco, the former deputy director general of the Israel National Cyber Directorate, said.

Like many internet-of-things devices, surveillance cameras are notoriously vulnerable to takeover if they are not secured with strong account protections. They have previously been targeted in other conflicts for intelligence gathering.

The Kyiv Post reported this week that hackers from Ukraine's Main Intelligence Directorate (HUR) launched a cyberattack against Russian internet service provider Orion Telecom that disabled 370 servers, took down roughly 500 network switches, and wiped backup systems to hinder recovery. The attacks reportedly caused internet and television outages. Orion Telecom reportedly said that it was recovering from a large DDoS attack and would quickly restore service.

The attack came on June 12, the national holiday known as Russia Day. 'Happy holiday, disrespectful Russians,' the attackers wrote in a message circulated on Telegram groups. 'Soon you'll be living in the Stone Age—and we'll help you get there. Glory to Ukraine.' The attackers claim to be part of Ukraine's BO Team hacking group. Sources told the Kyiv Post that Russian security agencies working on the country's war against Ukraine use Orion Telecom and were affected by the connectivity outages.

Bloomberg reported this week that the satellite communication firm Viasat discovered a breach earlier this year perpetrated by China's Salt Typhoon espionage-focused hacking group. In early December, US authorities revealed that Salt Typhoon hackers had embedded themselves in major US telecoms, including AT&T and Verizon. After revelations last year of the group's extensive telecom hacking spree in the US and elsewhere, WIRED reported in February that Salt Typhoon was still actively breaching new victims. Viasat says it has been cooperating with federal authorities to investigate its breach.

The United Kingdom's Information Commissioner's Office (ICO) said this week that it issued a £2.31 million ($3.1 million) fine to the beleaguered genetic testing company 23andMe as a result of the company's damaging 2023 data breach. Attackers were able to access user accounts and their data using stolen login credentials, because at the time 23andMe did not require that users set up two-factor authentication, which the ICO says violated the UK's data protection law. The company has since mandated this protection for all users. More than 155,000 UK residents had their data stolen in the breach, according to the ICO, which said that 23andMe 'did not have additional verification steps for users to access and download their raw genetic data' when the breach occurred.