An onchain investigator has flagged a major breach at Iran-based Nobitex, where hackers made off with more than $81 million in digital assets. Related Reading: Tether Enforces Freeze On $12 Million In Tron Funds Over Illicit Activity Based on reports from blockchain sleuth ZachXBT, at least $81.7 million was moved out of the exchange’s hot wallets on June 16, 2025. The stolen funds came from both the Tron network and various Ethereum Virtual Machine (EVM) chains. Massive Funds Drained From Hot Wallets According to ZachXBT’s Telegram post, the first chunk—$49 million—went through a vanity address that read “TKFuckiRGCTerrorists…mNX.” A second custom address, “0xffFFfFFffFF…Dead,” was used to pull the rest. These special wallet names aren’t random. They show how attackers slipped around Nobitex’s checks and grabbed funds meant to stay locked down. Vanity Addresses Exploit Access Controls Experts say the use of these human‑readable addresses points to a flaw in the exchange’s internal controls. “Attackers managed to infiltrate systems that should have blocked unauthorized wallets,” noted Hakan Unal of Cyvers security. The exchange confirmed that it spotted the breach quickly and suspended the affected hot wallets. Political Motive Behind The Breach A pro‑Israel hacker group calling itself “Gonjeshke Darande” claimed responsibility in an X post. The group called Nobitex a tool for “regime financing” and threatened to release source code and internal files within 24 hours. After the IRGC’s “Bank Sepah” comes the turn of Nobitex WARNING! In 24 hours, we will release Nobitex’s source code and internal information from their internal network. Any assets that remain there after that point will be at risk! The Nobitex exchange is at the heart of the… pic.twitter.com/GFyBCPCFIE — Gonjeshke Darande (@GonjeshkeDarand) June 18, 2025 They warned that any assets left on the platform would be in danger. This hack comes as tensions surged between Israel and Iran after Israel’s largest strikes on Iran since the 1980s. Reports say at least 224 people died in Iran and 24 in Israel during the renewed conflict. Cold Storage And User Security Assurances Nobitex says users’ main funds are safe in cold storage, and only a fraction of hot‑wallet assets were hit. The exchange promised to cover all losses with its insurance fund and internal resources. That promise should reassure customers, though the fear of leaked code or files could drive some to pull funds. Related Reading: Crypto Gets A Green Light From Spanish Banking Giant Unmoved Funds Could Reveal Next Steps Interestingly, none of the stolen coins have moved since the hack was first spotted. That could mean the hackers are choosing their next move. Or it might be a warning shot meant to show they can strike again. Either way, this incident highlights how vital it is for exchanges to guard against insider‑level slip‑ups. Protocols alone aren’t enough if people and processes leave doors open. As the crypto world watches, Nobitex users will be looking closely at how the platform rebuilds trust and keeps their money safe. Featured image from Unsplash, chart from TradingView
North Korea’s hackers has reportedly stolen nearly $2 billion from centralized crypto exchanges over the past year. Blockchain security researcher Tay Monahan attributes a significant portion of those funds, around $1.8 billion, to a series of major hacks targeting centralized crypto trading platforms like Bybit, DMM Bitcoin, WazirX, Phemex, and BingX. Despite setbacks such as […]
The post North Korea’s hackers could have laundered as much as $1.5 billion in stolen crypto appeared first on CryptoSlate.
Malware operations targeting holders of Ethereum, XRP, and Solana cryptocurrencies have been exposed by cybersecurity researchers. The threat attacks Atomic and Exodus wallet owners by using compromised software packages installed by developers unaware of the malware contained in the code. The malware, upon execution, is able to send cryptocurrency to thief-held addresses with no indication on the wallet owner. Related Reading: Whale Alert: Ripple Sends 200 Million XRP Into The Shadows How The Attack Works Researchers say the attack starts when developers unwittingly include hacked node package manager (NPM) packages in their projects. One such package named “pdf-to-office” appears genuine on the surface but conceals malicious code within. The package searches computers for installed crypto wallets and then injects code that intercepts transactions. This enables criminals to steal money without the user’s awareness or permission. Multiple Cryptocurrencies At Risk Security researchers have concluded that the malware can divert transactions on multiple of the world’s leading cryptocurrencies. They include Ethereum, USDT, XRP and Solana. The attack is what researchers identify as “an escalation in the ongoing targeting of cryptocurrency users through software supply chain attacks.” Technical Details Reveal Sophisticated Methods ReversingLabs discovered the campaign by scanning for suspicious NPM packages. Their analysis revealed several warning signs such as suspicious URL associations and code structures matching well-known threats. The attack employs sophisticated techniques for evasion from security tools and is multi-stage in nature. The infection begins when the malware package executes its code aimed at wallet software on the target’s machine. It specifically looks for application files in some of the predetermined paths before injecting its malicious code. No Visual User Warning Signs According to reports, this malware’s effect can be catastrophic since transactions appear absolutely normal on the wallet interface. The code substitutes valid recipient addresses with attacker-controlled addresses through base64 encoding. Related Reading: Bitcoin Maxi Takes Aim: Ethereum’s True Value? Lower Than You Think For instance, when a user attempts to send ETH, the malware substitutes the recipient address with the attacker’s address, which is concealed in encoded form. Users have no visual clue that anything is wrong until they check the blockchain record afterward and discover their money went to an unexpected address. The security threat indicates increased harm to cryptocurrency owners who might not be aware their transactions are compromised until funds go missing. The modus operandi of the attack is evidence of how hackers keep coming up with new methods of pilfering digital assets. Cryptocurrency users should be extremely cautious when verifying all transaction addresses. Developers are also advised to double-check the security of any packages they install on cryptocurrency-related projects. Featured image from Enterprise Networking Planet, chart from TradingView
The promotional posts have been deleted and the Saudi Law Conference, whose account was compromised, issued a statement on it.
The Bitcoin seized from former ICRF employee Marat Tambiev will be turned into Russian state revenue from a hardware crypto wallet.
According to the security firm, hacks accounted for more than 70% of crypto losses due to illicit activities in 2024, compared to 30% for scams.
According to Cyvers, the 40% yearly increase was mainly driven by growing access control vulnerabilities amid centralized exchanges and cryptocurrency custodians.
Initially owing creditors $4.2 million, Cryptopia’s liquidator Grant Thornton has distributed at least $225 million in crypto to hack victims in December.
It’s crucial to securely back up and store your seed phrase in multiple safe places, ensuring that you’re the only one who can access it when needed.
Ilya Lichtenstein urged his social media followers not to blame his wife — also implicated in money laundering — for the 2016 Bitfinex hack.
A federal judge has given Eric Council Jr., who pleaded not guilty to compromising the SEC's X account, permission to travel to North Carolina between Dec. 23 and Dec. 29.
Hardware wallet provider Ledger has linked a recent loss of funds by one of its users to a phishing attack in February 2022.
Byte Federal, operator of 1,300 Bitcoin ATMs in the US, urged its customers to reset login credentials following a massive data breach.
Singapore-based Crypto.com is offering $2 million to anyone who can find and report vulnerabilities as a sign of its confidence in its modern and updated security system. The bounty program is the biggest yet for the website and HackerOne, offering an open scope, fast payment, and fully compliant with platform standards. Related Reading: Binance And […]
For years, cybersecurity threats like hacking and identity theft have compromised not just individual accounts but also companies and organizations. And many governments point their fingers to North Korea as the probable location of these hackers that cost the global economy billions of dollars. Related Reading: Crypto Trail Exposed: Japan Police Nab Online Gamblers Using […]
Cryptocurrency hackers continue damaging the industry’s reputation as the yearly value stolen through cyberattacks nears $1.5 billion.
XT.com has issued a statement acknowledging an “abnormal transfer of platform wallet assets” but hasn’t confirmed the $1.7 million hack yet.
South Korea said North Korean hackers Lazarus and Andariel were behind the $50 million Upbit hack in 2019, with the stolen crypto now valued at over $1 billion.
US authorities arrested Ilya Lichtenstein and his wife, Heather Morgan, in 2022 for laundering Bitcoin connected to the Bitfinex exchange.
The DeFi liquidity protocol has already paused operations on Arbitrum and Avalanche blockchains as the team investigates the vulnerability.
The latest crypto high-profile platform to be targeted by the bad guys is Metawin. According to reports, hackers broke into the withdrawal system of the crypto site and stole more than $4 million worth of digital assets. Metawin’s CEO has confirmed the security breach as the casino immediately stopped all its payment requests. Related Reading: […]
The industry is still recovering from the $230 million WazirX hack, which occurred less than four months ago.
The popular Lottie Player animations library was hacked to push a crypto-draining popup on multiple websites, which has now been fixed.
According to PeckShieldAlert, losses from crypto hacks and exploits accounted for over $120 million in losses during September 2024.
The scammers breached countless X accounts to shill the memecoin, but they didn’t even make enough to buy a Toyota Corolla.
Binance urged the WazirX team to take accountability for the hack, and compensate users for the loss of funds.
The ongoing hack has already netted the attackers over $6 million worth of stablecoins, which have been swapped to ETH by the attacker.
Despite the falling number of smart contract exploits, hackers could surpass the previous year in terms of total value stolen.
The scam starts with a small payment of USDT to the user.
A study from TRM Labs says that Russia’s involvement in illegal crypto operations grew a lot in 2023. Almost 70% of all cryptocurrency earnings from ransomware came from groups of people who spoke Russian. This makes them big players in this field. Related Reading: Kamala Harris Finds Ally In Ripple CEO Amid Crypto Backlash It […]