Iranian crypto exchange Nobitex suffered a $81.7 million hack on Tron, Bitcoin, Dogecoin, and EVM chains, marking one of the most significant security incidents of 2025. Blockchain investigator ZachXBT exposed the Nobitex hack and traced the stolen funds to provocative wallet addresses. This Tron crypto scam represents a major crypto exchange security breach that has left thousands of Iranian traders unable to access their funds right now.
JUST IN: 🇮🇷 Iranian crypto exchange Nobitex hacked for $48 million.
— Watcher.Guru (@WatcherGuru) June 18, 2025
Funds were sent to the following TRON wallet:
TKFuckiRGCTerroristsNoBiTEXy2r7mNX
The pro-Israel hacker group known as Gonjeshke Darande (Predatory Sparrow) has taken credit for the attack, and this adds a geopolitical dimension to what was initially seen as a purely financial crime.
Also Read: BlackRock Flags Quantum Computing as Emerging Bitcoin Threat
Iranian Crypto Exchange Nobitex Hacked: ZachXBT Exposes Tron Hack as Crypto Scams & Risks Surge
Vanity Addresses Reveal Attacker’s Message in Iranian Crypto Exchange Hack
The attacker used several vanity addresses with provocative messages, including: TKFuckiRGCTerroristsNoBiTEXy2r7mNX, 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead, 1FuckiRGCTerroristsNoBiTEXXXaAovLX, and DFuckiRGCTerroristsNoBiTEXXXWLW65t. The addresses contain an explicit anti-terrorist message targeting the exchange, which shows the brazen nature of this attack.
ZachXBT’s investigation reveals the exploit affected Tron, Bitcoin, Dogecoin, and EVM chains. His analysis reveals the scale of this crypto exchange security breach, with attackers systematically draining funds from hot wallets over several hours.
How the Attack Unfolded
The attack seems to have occurred throughout several hours, and the attackers resorted to multiple payments to transfer funds to escape detection. The crypto scam also relied on the high speed of transactions provided by Tron network to transfer the stolen crypto quickly outside the control of the exchange, which made it more difficult to trace.
The calculated nature of the withdrawals suggests that the attackers likely gained access to Nobitex’s internal systems—exposing a serious vulnerability in the exchange’s security protocols.
Hackers utilized an exploit during the hack that researchers have started to reveal the nature of. They essentially burned the funds, which stablecoin issuers cannot access unless they reissue the centralized stablecoins.
Impact on Iranian Crypto Market
Such a security breach of crypto exchanges has badly affected the whole crypto-sphere in Iran, and now people are bearing huge losses. Nobitex, however, was clear about the fact that “all damages will be compensated through the insurance fund and Nobitex resources.”
اطلاعیه در خصوص حادثه امنیتی
— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025
صبح امروز ۲۸ خرداد، تیم فنی ما نشانههایی از دسترسی غیرمجاز به بخشی از زیرساختهای اطلاعرسانی و کیف پول گرم را شناسایی کرده است. بلافاصله پس از تشخیص، تمام دسترسیها متوقف شد و تیمهای امنیتی داخلی ما در حال بررسی دقیق ابعاد این حادثه هستند.
یادآور…
This attack also shows how weak centralized exchanges are to advanced hackers, and this has several users doubting the security measures of other Iranian exchanges. Platform users do not have the possibility to withdraw funds at the moment, which also brings panic to the local crypto community.
The Iranian crypto exchange Nobitex hack is another lesson to learn that it is quite risky to use exchanges as wallets by storing large portions of cryptocurrencies. The fact that the Tron crypto scam involved use of provocative vanity addresses is also indicative of the shameless attitude of present-day crypto criminals, and how they are getting bolder to the point of using such attention-grabbing tactics.
Also Read: BlackRock Plans to Become “Largest Crypto Asset Manager”