Crypto analytics firm TRM Labs has suggested that Israel’s cyber teams may have accessed internal data from the $90 million breach on Nobitex. The goal would be to identify and apprehend operatives working for Iran.
In its report, TRM Labs highlighted the arrest of three suspects in Israel. They face charges related to espionage for Iran.
Authorities say they carried out surveillance, spread propaganda, and gathered intelligence.
Crypto Payments for Spying
Two of the detained individuals reportedly received payments in cryptocurrencies for their work. Such digital transfers let handlers pay agents across borders without using banks. This method makes covert operations harder to trace.
TRM Labs called this a rare example of state-backed espionage paid in digital assets. It shows how crypto can play a role in modern intelligence efforts. Traditional funds routes often trigger alarms, while tokens can move quietly online.
Payment Details
One suspect, 28-year-old Dmitri Cohen, was said to earn $500 in crypto for each task he completed. This amount was credited as digital tokens rather than cash. Such payments highlight the appeal of crypto in secret operations.
The arrests came just days after Nobitex suffered a massive security breach on June 18. Hackers drained the exchange’s hot wallets across several networks. They made off with more than $90 million in digital currency.
Unconfirmed Connections
Although Israeli officials have not confirmed any link between the hack and the espionage arrests, TRM Labs pointed to the close timing. The firm noted that the tactical details and dates suggest possible overlap in intelligence work.
Nobitex, Iran’s largest cryptocurrency exchange, was hit hard in mid June. The company lost large sums from its live wallets. Users and regulators watched closely as the exchange scrambled to secure its systems.
Claim of Responsibility
Soon after the hack, a pro Israel hacking group named Gonjeshke Darande said it had carried out the attack. This group has a long record of targeting organizations tied to the Iranian government.
Gonjeshke Darande said it struck Nobitex because the platform helps Iran dodge sanctions. The group views the exchange as a tool for financing activities that break international rules.
Unspendable Transfers
In a striking move, the hackers moved stolen funds into vanity addresses. These are wallet addresses known or believed to lack private keys. That step makes it impossible to access the stolen assets.
Also Read: Fuzzland Reveals Former Employee Was Responsible for the $2 Million Bedrock UniBTC Crypto Hack
By sending tokens to unspendable accounts, the attackers signaled a political message. They did not aim to profit. Instead, they wanted to disrupt and embarrass the exchange and its backers.
Crypto as a Geopolitical Tool
This incident underscores the growing use of digital assets in global conflicts. Crypto theft can serve as a form of cyber warfare or statecraft. It adds a new layer to how nations compete.
For exchanges like Nobitex, large scale hacks bring more than financial loss. They threaten trust and reputation. Users demand stronger security and faster responses to breaches.
Law Enforcement Response
Israeli cyber authorities are known for their technical skill. If they did leverage hack data to catch spies, it would show a high level of coordination between cyber teams and law enforcement.
The case may push other countries to boost crypto oversight. Regulators will watch how exchanges handle hacks and cooperate with security agencies.