Nobitex Hack
Incident Overview
On June 18, 2025, Iranian crypto exchange Nobitex was hacked for over $82 million. The attack was claimed by the from-Israel hacktivist group Gonjeshke Darande, who also threatened to leak the platform’s internal source code and data.
The Nobitex exploit appears to stem from a critical failure in access controls, allowing attackers to infiltrate internal systems and drain hot wallets across multiple blockchains. The stolen funds span $49.3M on the Tron network, $24.3M on EVM-compatible chains, $2M on the BTC network, $6.7M on DOGE, and an unspecified amount on TON. The attackers used provocative vanity addresses on each chain, such as “TKFuckiRGCTerroristsNoBiTEX...” on Tron and “0xffFFfFFf…FFDead” on Ethereum.
A group calling itself Gonjeshke Darande has claimed responsibility and is threatening to leak internal data and source code. Nobitex confirmed unauthorized access to internal communication systems and portions of hot wallet infrastructure. So far, no swaps or movement of the stolen funds has been observed.
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Nobitex, these are the critical security checks that could have prevented this incident (June 2025).
- Verify all logic paths related to Hot wallet hack / Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next Nobitex
The Nobitex hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.