On Wednesday, the Iranian cryptocurrency Exchange Nobitex was attacked by hackers, confirming that the total assets stolen amount to approximately 0.1 billion USD; the hacker group known as 'Predatory Sparrow' claimed responsibility for this, and this organization previously destroyed data from Iran's state-owned Bank Sepah; industry insiders indicated that the actions of the Predatory Sparrow group are highly aligned with Israel's regional priorities, but there is no solid evidence to suggest a connection with Israel.
On Wednesday, the Iranian cryptocurrency Exchange Nobitex suffered a hacking attack. According to Nobitex's fourth announcement, the estimated total amount of stolen Assets is about 0.1 billion dollars, but the situation has been brought under control, and user Assets are all protected by the reserve Funds, so users will not incur any financial losses.
A hacker group associated with Israel named Gonjeshke Darande (which means 'Predatory Sparrow' in Persian) claimed responsibility for the theft of assets from Nobitex, and the day before, the group also claimed to have destroyed data from Iran's state-owned Bank Sepah.
The consulting firm Elliptic stated that the hackers seemed to have actually destroyed the stolen funds from Nobitex by storing them in vanity addresses without the corresponding keys, making them inaccessible.
Tom Robinson, co-founder of Elliptic, further explained that creating a cryptographic key pair that matches a vanity address would take billions of years with current computer technology.
The Predatory Sparrow organization also stated that it has targeted Nobitex and will publish its source code and more internal information. This action clearly leaves much to the imagination, as the stolen funds were not actually utilized by the hackers, thus suggesting that the motivation behind it is more likely political in nature.
Possibly related to the Israel-Iran conflict.
The Predatory Sparrow organization has always been considered linked to Israel, but the official identity and nationality of the organization have not been confirmed. Elliptic stated that although there is no direct evidence, this recent hacking incident may be related to the recent tensions between Israel and Iran.
Rafe Pilling, the intelligence director of the cybersecurity company Sophos, pointed out that there is no conclusive evidence linking the Predator Sparrows to a specific country, but it possesses all the characteristics of a government-backed organization using false identities and specifically conducts destructive actions targeting Iran's digital realm, logistics entities, transportation infrastructure, and other strategic sectors.
He also believes that, while it cannot be verified that there is a close technical connection between Israel and the Predator Sparrows organization, the organization's actions are highly consistent with Israel's regional priorities, making it difficult to find another country in the region capable of carrying out such attacks.
A day ago, the Predator Sparrows noted in a post on X that it destroyed data from Sepah Bank because the bank funds the Iranian military.
This intrusion incident also further extends the list of victims of hacking attacks in the cryptocurrency industry for 2025. According to data from blockchain security company CertiK, over $2.1 billion in digital assets have been stolen so far in 2025.
Editor/melody
