Iran's Nobitex Source Code Exposed Day After Hackers Steal Tokens Across Bitcoin, EVM, Ripple Networks

What to know:

The pro-Israel hacker collective Gonjeshke Darande released the full source code of Iranian crypto exchange Nobitex, just a day after  orchestrating a $100 million exploit  across multiple blockchains as the war between the two countries nears the end of its first week.

The move raised fresh concerns for users who have not yet withdrawn their assets from the platform because the code makes it extremely easy for nefarious actors to access and exploit.

Israel attacked military and  nuclear sites in Iran  on Friday saying it had to take action to prevent its enemy, which has vowed to wipe the Jewish state off the map, attaining nuclear weapons. Iran responded with  ballistic missile launches  targeting the entire country, sending millions into shelters at short notice.

In an X post on Thursday, the hacker group, whose name is Farsi for Predatory Sparrow, wrote: “Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.”

Time's up - full source code linked below.ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.بازمانده دارایی های شما در نوبیتکس هم اکنون در معرض دید و خطر هستندBut before that, lets meet Nobitex from the inside:Exchange Deployment (1/8)  pic.twitter.com/jiMfBpNXwd

— Gonjeshke Darande (@GonjeshkeDarand) June 19, 2025

The leak included blockchain scripts, internal privacy settings and a list of servers, effectively dismantling the exchange’s back-end security.

The source code dump follows through on threats issued a day earlier, when Gonjeshke Darande claimed responsibility for the hack and promised to release internal data.

The group accused Nobitex of aiding Iran in circumventing international sanctions and called the platform the “regime’s favorite sanctions violation tool.”

Over $90 million in tokens from Bitcoin, EVM, Ripple, Dogecoin, Solana and other networks were deliberately sent to burner addresses, making recovery unlikely.

Blockchain data shows that funds were moved to provocatively named wallets, such as “1FuckiRGCTerroristsNoBiTEXXXaAovLX” and “DFuckiRGCTerroristsNoBiTEXXXWLW65t,” suggesting the use of brute-force-generated vanity addresses that the attackers do not hold private keys for. The IRCG, or  Islamic Revolutionary Guard Corps , is an powerful and influential branch of the Iranian military.

Nobitex responded on Thursday, stating that no additional losses occurred after the leak and that it plans to begin restoring services within five days, although ongoing internet disruptions in Iran may delay the recovery.