The funds were drained from platform wallets into addresses bearing anti-government messages explicitly referencing Iran’s Islamic Revolutionary Guard Corps, or IRGC, pointing to a politically motivated cyberattack, Elliptic said.
Pro-Israel hacking group Gonjeshke Darande, or “Predatory Sparrow,” claimed responsibility for the attack and said it would release the exchange’s source code. Elliptic said the exchange was offline at the time of its post. Predatory Sparrow also claimed credit for a separate cyberattack on Iran’s state-owned Bank Sepah this week.
The total assets of Nobitex-connected wallets drastically decreased from $1.8 billion to about $100 million – more than a 95% decrease.
