Hacked Iranian Crypto Exchange Nobitex Slowly Restores Services

Iran’s largest cryptocurrency exchange, Nobitex, is cautiously restoring operations after suffering a devastating cyberattack earlier this month. The breach, which saw nearly $90 million in digital assets drained from the platform, was one of the most high-profile cyber incidents to hit Iran’s financial sector in recent years.

The attack, believed to have been politically motivated, took place on June 18. Hackers exploited internal security vulnerabilities, reportedly accessing the exchange’s hot wallets by compromising employee credentials. Funds were then transferred across multiple blockchain networks, including Ethereum, Bitcoin, and Tron, and ultimately sent to untraceable and unrecoverable crypto addresses.

Shortly after the hack, Nobitex went offline and froze all trading and withdrawal activities to prevent further losses. In the days that followed, the exchange’s source code and internal documents were leaked online, heightening concerns about the security of user data and infrastructure. The incident triggered panic among users and raised fears of broader financial destabilization within Iran’s crypto ecosystem.

More than a week after the attack, Nobitex has begun gradually reactivating its services. The restoration is taking place in stages, starting with verified users regaining access to their spot wallets. Deposit and withdrawal functions have resumed for these users but under stricter compliance and verification procedures. The exchange has emphasized the importance of using newly issued wallet addresses, warning that transactions sent to previous addresses may be lost permanently.

Nobitex’s technical team has been working around the clock to rebuild its wallet infrastructure, implement additional layers of security, and conduct forensic analysis of the breach. In response to the attack, the platform has overhauled its wallet architecture, introduced new firewalls, and tightened employee access protocols.

The Iranian government has also intervened in the wake of the cyberattack, introducing new regulations aimed at safeguarding digital finance operations. Among the measures imposed is a restricted operational window for cryptocurrency exchanges, allowing activity only between 10 a.m. and 8 p.m. local time. Additionally, internet restrictions and bandwidth throttling have been reported in various regions, further complicating access to digital platforms.

The Nobitex hack has broader geopolitical implications. The exchange plays a critical role in Iran’s economy, especially as a means for citizens and entities to navigate around international sanctions. Its deep integration into Iran’s financial fabric has made it a target not just for criminal actors but for politically motivated cyber groups.

Despite the severity of the attack, Nobitex has assured users that the majority of funds are still secure and that no further breaches have occurred since the initial incident. The company has pledged to maintain transparency throughout the recovery process and is expected to resume full trading operations in the coming days.

As services gradually return to normal, the spotlight remains on Nobitex to prove that its new security framework is robust enough to withstand future threats. For users and regulators alike, the incident serves as a stark reminder of the vulnerabilities inherent in the digital financial landscape and the importance of preparedness in an increasingly hostile cyber environment.