Nobitex Restores Services Following High-Profile Cyberattack Amid Geopolitical Tensions

Picking up the pieces after a major cyberattack, Iran’s largest cryptocurrency exchange, Nobitex, is cautiously restoring its services. The incident serves as a reminder that today’s conflicts are no longer confined to the battlefield—they can just as easily play out through hacks and digital currencies.

Nobitex Rolls Out Phased Wallet Access as Security Checks Continue

Nobitex was hit on the night of June 12 by a breach—allegedly carried out by a pro-Israel hacking group—that led to the loss of over $90 million in digital assets. In the wake of the attack, the exchange suspended operations to contain the damage and is now gradually reopening access for its users.

The exchange has initiated a phased return of wallet access, prioritising users who have completed identity verification. This verification process is a necessary step before wallet balances become visible and accessible. 

Nobitex began this identity confirmation a few days prior to reintroducing wallet access, aiming to ensure security and accuracy in user information. 

Nobitex is starting by reopening access to spot wallets—the main accounts where cryptocurrencies are held and traded—while access to other wallet types will be restored gradually over time.

A prior update from Nobitex mentioned that withdrawals would reopen from 30 June, with trading and deposit services expected to return in phases after that. However, the exchange indicated that these timelines might be adjusted depending on technical or security requirements.

Starting Monday, June 30, withdrawal functionality will be re-enabled, followed by the gradual reactivation of trading and deposit services.

Users are cautioned not to transfer any cryptocurrency to their old wallet addresses, as the exchange has migrated to a new wallet system. It added that depositing to obsolete addresses could result in irreversible loss of funds. It stated:

Due to the wallet system migration, previous addresses are no longer valid, and any deposits made to them may result in loss of funds. If your old deposit address is connected to a mining rig or saved as a default withdrawal address in a blockchain service, make sure to delete it and replace it with your new personal address, or wait for the new address to be issued by Nobitex.

Nobitex

Hack Reveals Exchange’s Links to High-Risk and Sanctioned Actors

The cyberattack reflects the growing trend of geopolitical conflicts spilling into cyberspace. A pro-Israel group, Gonjeshke Darande, claimed responsibility for the hack, framing it as a strategic blow against Iran’s digital infrastructure. 

Nobitex’s CEO, Amir Rad, stated that the attack had the backing of the Israeli government but stressed that the exchange operates as a private entity without any links to the Iranian government or military.

While recovering from the attack, Nobitex has also come under renewed scrutiny over its past activities. Investigations have uncovered links and transactions that raise broader questions about the platform’s exposure to high-risk actors and sanctioned entities.

Key insights from Chainalysis investigations:

• The exchange has been tied to entities connected with Hamas and the Houthis, flagged by Israel’s National Bureau for Counter Terror Financing (NBCTF)
• Nobitex facilitated transactions with Gaza Now, a sanctioned media outlet aligned with Hamas
• The platform has allegedly facilitated trades with sanctioned Russian crypto exchanges Garantex and Bitpapa

The attack on Nobitex shows the increasing vulnerability of cryptocurrency platforms to cybercrime. The first half of 2025 alone saw over $2.1 billion stolen across the global crypto space. Although blockchain technology brings many innovative possibilities, the industry is under increasing pressure to fix security flaws and safeguard users’ trust.