The Iranian crypto exchange Nobitex, which was hacked earlier this month by the pro-Israel group Gonjeshke Darande, has started restoring its services. The exchange announced that withdrawal services will resume starting June 30. However, this will only be for users who have completed identity verification. Spot exchange users will be prioritized during this phase of recovery.
In a statement, Nobitex urged users to avoid depositing funds into the exchange’s old wallet addresses. They warned that these addresses are no longer valid due to a wallet system migration.
Operational activities such as trading and deposits will be rolled out gradually, though no specific timeline has been provided. This cautious approach reflects the exchange’s efforts to rebuild trust after suffering a devastating $100 million hack on June 18.
A Politically Motivated Attack with Geopolitical Implications
The attack on Nobitex was not just a financial crime. It was also a politically motivated act amid escalating tensions between Iran and Israel. Gonjeshke Darande, the pro-Israel hacking group behind the breach, claimed responsibility. They also accused Nobitex of having ties to the Iranian government and funding malicious actors.
To underscore their message, the group burned $90 million worth of stolen assets and released the full source code of the exchange. This move highlights the growing trend of state-aligned hacking groups using cyberattacks as tools for geopolitical leverage.
Data analytics platform Chainalysis revealed that Nobitex plays a crucial role in Iran’s cryptocurrency infrastructure. The exchange processed inflows of $11 billion. This dwarfs the combined inflows of the next ten largest Iranian exchanges, which totaled $7.5 billion. Chainalysis also noted that onchain analysis showed connections between Nobitex and sanctioned entities, further complicating its reputation.
Iranian Authorities Impose Stricter Regulations on Crypto Exchanges
In response to the hack, Iranian authorities have tightened regulations on domestic cryptocurrency exchanges. These platforms are now restricted to operating only between 10 a.m. and 8 p.m.. This limits their ability to provide 24/7 services.
While these measures aim to enhance oversight and security, they also reflect the challenges faced by Iran’s crypto industry. This is amid international sanctions and increasing scrutiny from global regulators.
State-Sponsored Hacks Surge in 2025
The Nobitex incident is part of a broader trend of rising state-sponsored cyberattacks targeting the cryptocurrency sector. In 2025 alone, these attacks have caused significant financial losses, with North Korean state-sponsored hackers leading the charge.
For instance, the February hack of Bybit, which resulted in a staggering $1.5 billion theft, accounted for nearly 70% of all losses from exploits this year. South Korean officials have also reported that North Korean hacking groups are leveraging advanced AI tools like ChatGPT to refine their techniques. They aim to steal cryptocurrencies more effectively.
This surge in state-sponsored hacks underscores the growing intersection of cybersecurity threats and geopolitical conflicts. Cryptocurrencies are often caught in the crossfire.
Challenges Ahead for Nobitex and the Iranian Crypto Ecosystem
As Nobitex works to restore its services, it faces an uphill battle to regain user confidence and comply with stricter regulatory requirements. In addition, the exchange’s association with sanctioned entities, as highlighted by Chainalysis, adds another layer of complexity to its recovery efforts.
Moreover, the broader Iranian crypto ecosystem must contend with the fallout from the Nobitex hack. It also must deal with the heightened scrutiny it has attracted. While cryptocurrencies remain vital to Iran’s economy, particularly in circumventing international sanctions, the risks posed by cyberattacks and regulatory restrictions cannot be ignored.
Conclusion
The gradual restoration of services by Nobitex marks a critical step in recovering from one of the most high-profile hacks of 2025. However, the incident serves as a stark reminder of the vulnerabilities inherent in centralized exchanges. Moreover, it shows the growing prevalence of politically motivated cyberattacks.
As state-sponsored hacking continues to rise, the need for robust security measures and transparent governance in the crypto industry becomes even more pressing. For Nobitex and other exchanges operating in geopolitically sensitive regions, navigating these challenges will require balancing innovation with compliance and user protection.
The coming months will be crucial in determining whether Nobitex can rebuild trust and solidify its position as a key player in Iran’s crypto landscape. Alternatively, the hack may leave lasting scars on the exchange and the broader ecosystem.
