-
Iran’s largest crypto exchange Nobitex is set to resume withdrawal services following a significant $100 million hack by a pro-Israel group, marking a critical step in its recovery process.
-
The exchange prioritizes verified users for wallet access and warns against using old wallet addresses to prevent further loss of funds amid a wallet system migration.
-
According to Nobitex, withdrawal services will restart on June 30, with trading and deposit functionalities to be gradually restored, reflecting a cautious approach to resuming full operations.
Nobitex prepares to reopen withdrawals after a $100M hack, prioritizing verified users and warning against old wallet deposits amid ongoing geopolitical tensions.
Nobitex Recovery Plan: Prioritizing Verified Users and Wallet Migration
Following the devastating cyberattack on June 18, Nobitex has initiated a phased restoration of its services, starting with withdrawal capabilities exclusively for users who have completed identity verification. This approach underscores the exchange’s commitment to security and regulatory compliance during its recovery. The migration to a new wallet system is a pivotal part of this process, as Nobitex explicitly cautions users against depositing funds to previous wallet addresses, which are now invalid and pose a risk of permanent loss.
This strategic move not only protects user assets but also aligns with broader industry standards for safeguarding digital wallets after breaches. Nobitex’s decision to prioritize spot exchange users further indicates a focus on stabilizing core trading activities before expanding service availability. While no exact timeline has been provided for the full resumption of trading and deposits, the gradual rollout reflects a measured response to mitigate risks and rebuild trust.
Geopolitical Implications Behind the Nobitex Hack
The hack carried out by the pro-Israel group Gonjeshke Darande is widely interpreted as a politically motivated attack amid heightened tensions between Iran and Israel. Nobitex, as Iran’s largest cryptocurrency exchange, plays a significant role in the country’s crypto ecosystem, handling inflows totaling $11 billion, according to Chainalysis data. The group’s actions—burning $90 million in assets and releasing Nobitex’s source code—highlight the intersection of cyber warfare and financial infrastructure targeting.
Chainalysis’s onchain analysis further revealed that Nobitex maintains connections to sanctioned entities and other malicious actors, which may have contributed to its selection as a target. In response, Iranian regulators have imposed operational restrictions on domestic exchanges, limiting activities to specific hours, a move aimed at tightening oversight and reducing vulnerability to further attacks.
Rising Trend of State-Sponsored Cyberattacks in Cryptocurrency
The Nobitex incident is part of a broader surge in state-sponsored cyberattacks targeting cryptocurrency platforms globally. In 2025, North Korean state-sponsored hackers have been particularly active, responsible for nearly 70% of losses from crypto exploits, including the massive $1.5 billion breach of Bybit earlier this year. These groups increasingly leverage advanced technologies, such as AI tools including ChatGPT, to enhance their hacking capabilities and evade detection.
South Korean intelligence agencies have confirmed the use of AI-assisted methods by North Korean hackers, signaling a new era of sophisticated cyber threats in the crypto space. This evolving threat landscape underscores the urgent need for exchanges worldwide to bolster security protocols and regulatory frameworks to protect digital assets and maintain market integrity.
Conclusion
Nobitex’s gradual resumption of withdrawal services marks a critical milestone in recovering from one of the largest politically charged crypto hacks to date. By prioritizing verified users and implementing a wallet migration, the exchange aims to restore trust while mitigating further risks. The incident also exemplifies the growing geopolitical dimension of cyberattacks in the cryptocurrency sector and highlights the increasing prevalence of state-sponsored hacking activities. As the crypto industry navigates these challenges, enhanced security measures and regulatory vigilance remain paramount to safeguarding assets and ensuring resilient market operations.
