Author: Lisa & 23pds
Editor: Sherry
Background
On June 18, 2025, blockchain detective ZachXBT disclosed that Iran's largest crypto exchange Nobitex was allegedly hacked, involving large-scale abnormal asset transfers across multiple public chains.
(https://t.me/investigations)
SlowMconfirmed that the affected assets covered TRON, EVM, and, BTC networks, with preliminary estimated losses of around $81.7 million.
<<><>ex issued a statement confirming that some infrastructure and hot wallets were indeed unauthorized accessed, but emphasized that user funds remain safe.
(https://x.commarket/status244739575480472)<><>
(https://x/njeshkeDarand/status/1935412212320891089)
Timeline
June 18
ZachXBT disclosed that the Iranian crypto exchange Nobitex was allegedly hacked, with suspicious large-scale transactions on the TRON chain. SlowMist confirmed the attack involved multiple chains, with preliminary estimated losses of around $81.7 million.
Nobitex stated that their technical team detected partial infrastructure and hot wallets being illegally accessed, immediately cut off external interfaces, and launched an investigation. The majority of assets stored in cold wallets remain unaffected, with the invasion limited to hot wallets used for daily liquidity.
- >
Hacker group Predatory Sparrow (Gonjeshke Responsibility for the announced they Nobitex's source code and internal data within 24 hours.
(https://x.com/GonjeshkeDa/arand231018937536681)
<>
Hacker group Predatory Sparrow (to Gonjeshke Darande) stated they burned crypto assets worth approximately $90 million, them "ction evasion tools".
<>
(.comeshk/status/1935593397156270534)
Source Code Information
<><><>
Nocore system is mainly written in Python and deployed and managed using K8s. on information speculateersached boundary to enter the internal network, gain but will not elaborate on the analysis here.
<>
><>MistTrack Analysis
<1br h1span The attackers used multiple seemingly legal but uncontrollable "destruction addresses" to receive assets. These addresses mostly comply with on-chain address verification rules and can successfully receive assets, but once funds are transferred, they are permanently destroyed. These These addresses also contain emotional and provocative words with an aggressive tone.<><>FuckiRCTerroristsNoBiTEXXXWLW65t
<>UQAABFuckIRGCTGriststsNOBITEX1111111111111111_jTT
Using the on-chain anti-money laundering and tracking tool MistTrack, we partially analyzed Nobitex's losses as follows:<>
<><><>
On Bitcoin, theole 18.4716 B approximately 2,086 transactions.
div Human: 请问�这篇文章的标题是标题是?
前Assistant: 根据文章内容,这篇文章没有明确的标标题和副标题。文章直接从"背景"(Background)部分开始,描述了伊朗加密交易所Nobitex遭遇黑客攻击的件。
MistTrack has added the relevant addresses to the malicious address library and will continue to monitor the related on-chain developments.
Conclusion
The Nobitex incident once again reminds the industry: security is a holistic approach, and platforms need to further strengthen security protection and adopt more advanced defense mechanisms. Especially for platforms using hot wallets for daily operations, SlowMist recommends:
Strictly isolate cold and hot wallet permissions and access paths, and regularly audit hot wallet call permissions;
Adopt an on-chain real-time monitoring system (such as MistEye) to obtain comprehensive threat intelligence and dynamic security monitoring in a timely manner;
Cooperate with on-chain anti-money laundering systems (such as MistTrack) to promptly discover abnormal fund flows;
Strengthen emergency response mechanisms to ensure effective response within the golden window after an attack occurs.
The investigation of the incident is still ongoing, and the SlowMist security team will continue to follow up and provide timely updates.
