A group of Israeli-linked hackers have claimed responsibility for a mass data theft from a major Iranian cryptocurrency exchange, which could leave up to $90 million in assets exposed.
Predatory Sparrow, also known by its Persian name Gonjeshke Darande, confirmed it would release sensitive information in 24 hours and urged investors to pull their portfolios out of the Nobitex exchange.
Announcing the theft on X, the group said: “In 24 hours, we will release Nobitex's source code and internal information from their internal network. Any assets that remain there after that point will be at risk.
"We, “Gonjeshke Darande”, conducted cyberattacks against Nobitex.”
Nobitex, Iran’s largest crypto exchange, has previously alleged to facilitate sanctions busting for the Islamic Republic, with Reuters reporting in 2022 that it openly offered customers advice on how to avoid sanctions on its website.
Since the attack, the collective assets held in the exchange reportedly fell from $1.8 billion to just over $100 million.
A statement posted on Nobitex’s site read: “Our technical team has identified signs of unauthorized access to part of the information infrastructure and warm wallets.
"Immediately after the diagnosis, all access was stopped and our internal security teams are investigating the dimensions of the incident.
“We note that users’ assets are in full security in accordance with cold storage standards and the above incident only affects part of the property of hot wallets.
“Nobitex accepts full responsibility for the incident and we assure users that all possible damage will be compensated through the Nobitex Insurance Fund and Resources.
“Until full review, there is temporarily no website and app access. More details will also be published after the review is completed.”
It comes after Predatory Sparrow announced yesterday that it had targeted Bank Sepah, one of Iran’s major financial institutions with long-standing ties to the armed forces and IRGC.
Customers reported being unable to access their accounts, and several Bank Sepah branches were forced to close temporarily as a result of the attack.
And the group has been a thorn in the regime’s side for some years now, rising to prominence after causing a fire at a major Iranian steelworks in 2022.
In that attack, hackers were able to activate one of the site’s machines and cause it to leak molten metal, but claimed they had timed the operation to avoid casualties among innocent factory workers.
Itay Cohen, head of cybersecurity firm Check Point Software, even suggested at the time that the collective may be state-sponsored given its significant capabilities.
He told BBC News: “They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state."
