On Wednesday, the Iranian crypto exchange Nobitex was hacked. According to Nobitex's fourth announcement, the total amount of stolen assets is currently estimated to be about $100 million, but the situation has been controlled and user assets are protected by reserve funds, so users will not bear any financial losses.

An Israeli-related hacker group Gonjeshke Darande claimed responsibility for the theft of Nobitex assets. The day before, the group also claimed to have destroyed the data of Sepah, Iran's state-owned bank.

Consulting firm Elliptic said that hackers actually seemed to have destroyed Nobitex's stolen funds by storing them in vanity addresses without corresponding keys, making them inaccessible.

Elliptic co-founder Tom Robinson further explained that it would take billions of years to create a cryptographic key pair that matches the vanity addresses under current computer technology.

The Predatory Sparrow also said that it has targeted Nobitex and will publish its source code and more internal information. This action obviously makes people think about it, because the stolen funds were not actually used by hackers, so the motivation behind it is more likely to be political.

Or related to the Iran-Israel conflict

The Predatory Sparrow has always been considered to be linked to Israel, but the official identity and nationality of the organization have not been confirmed. Elliptic said that although there is no direct evidence, this hacker attack may be related to the recent tensions between Israel and Iran.

Rafe Pilling, intelligence director of cybersecurity company Sophos, pointed out that there is no conclusive evidence that the Predatory Sparrow is associated with a specific country, but it has all the characteristics of a false identity used by a government-backed organization and specializes in destructive operations against targets related to Iran's digital field, logistics entities, transportation infrastructure and other strategic sectors.

He also believes that although there is no way to verify the close technical connection between Israel and the Predatory Sparrow, the organization's actions are highly consistent with Israel's regional priorities, and it is difficult to find another country in the region that is capable of carrying out such attacks.

A day earlier, Predatory Sparrow noted in a post on X that it destroyed Sepah Bank’s data because the bank provided funding to the Iranian military.

The intrusion also further extended the list of victims of crypto industry hacking in 2025. According to blockchain security company CertiK, more than $2.1 billion in digital assets have been stolen so far in 2025.