Yesterday, pro‑Israel hacktivist group Gonjeshke Darande claimed responsibility for a breach that stole more than $100 million from Iran’s Nobitex crypto exchange. 

Shortly after the attack, the group posted screenshots on X(Twitter) showing key parts of the platform’s source code. The leak covers pieces of code used for deploying the exchange, handling privacy settings, and building its user interface.

Time's up – full source code linked below.

ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.
بازمانده دارایی های شما در نوبیتکس هم اکنون در معرض دید و خطر هستند

But before that, lets meet Nobitex from the inside:

Exchange Deployment (1/8) pic.twitter.com/jiMfBpNXwd

— Gonjeshke Darande (@GonjeshkeDarand) June 19, 2025

Screenshots Reveal Critical Code

In their social media post, the hackers wrote that “assets left in Nobitex are now entirely out in the open.” 

They shared images that appear to show folders and files containing configuration details and scripts. Security experts warn that if this code is genuine, it could let others find new weaknesses in Nobitex’s systems.

On‑Chain Alert

Blockchain researcher ZachXBT first spotted unusual transfers from Nobitex’s wallets on both Tron and EVM networks. Those transactions hinted at a large heist, which Nobitex later confirmed in its fourth public statement.

The exchange said that attackers moved stolen coins into special “burn” wallets where the funds were destroyed, making recovery impossible.

Also Read: Iran’s Senior IRGC Investigators Accused of Embezzling Over $21 Million in Crypto Assets

Nobitex’s Official Response

In its latest announcement, Nobitex reassured users that its technical team has the situation under control. It said all external server access is shut off to stop further intrusions.

Nobitex Announcement No. 4 – Regarding the Security Incident

As part of Nobitex’s ongoing response to the recent security incident, we would like to inform our users that the situation is now under control. All external access to our servers has been completely severed.

If you…

— Nobitex | نوبیتکس (@nobitexmarket) June 18, 2025

The exchange emptied its online hot wallets into cold storage to protect customer assets. Despite seeing lower balances on blockchain scanners, the company insists those moves were preemptive safety steps and not another attack.

Impact on Users

Nobitex serves more than 11 million users, many of whom rely on its platform for sending money abroad. The firm pointed out that it has been unable to use its normal banking channels for months due to government restrictions. 

These ongoing payment blockages make it harder for customers to move funds in and out of the exchange.

Warning to the Public

Before the hack, Gonjeshke Darande posted a message in Farsi and English, warning Iranians that working with services it labelled “terrorist financing infrastructure” could put their money at risk. 

The group urged people to act quickly to avoid losses. Analysts say this kind of scare tactic fits the political aims of a pro‑Israel operation targeting Iran.

Regulators Tighten Rules

Following the hack, Iranian authorities imposed trading hours from 10 am to 8 pm on all domestic crypto platforms. 

Chainalysis reported that the central bank likely hopes shorter hours will let security teams spot and stop attacks more easily. The new rule also gives the regime more control over capital flows at times of high geopolitical tension.

Broader Security Concerns

Experts say the leak of source code could be as serious as the robbery itself. With core scripts and settings laid bare, rival hackers might find new entry points. 

Nobitex’s move to block external access could slow service restoration, but it also buys time to patch vulnerabilities revealed by the code dump.

Also Read: Crypto Market Declines Amid Israel-Iran Conflict, Historical Patterns Show Potential Rebounds