In what may be one of the largest cyberattacks yet, hackers have seized nearly $90 million from Nobitex, Iran’s biggest cryptocurrency exchange. The breach affected the exchange’s hot wallet, draining over $600 million in funds and affecting more than 10 million customers. The backdrop for this event is that tensions between Israel and Iran have been steadily rising. This state of affairs should ring alarm bells about the security of digital financial infrastructures in the entire region.
For years, Nobitex has been the backbone of Iran’s cryptocurrency ecosystem, promoting innovation among its millions of users and processing billions of dollars in transactions. When animal rights group Predatory Sparrow recently called for a coordinated attack on the exchange, things got heated. This time, the platform was wholly unprepared for the drama. This threat group, first reported to have surfaced in 2021, has gone on to hit several Iranian entities known for their track record of harmful cyber operations.
Predatory Sparrow claimed responsibility for the hack, stating that they aimed to disrupt operations linked to what they described as “financing terrorism for the Iranian regime and evading international sanctions.” This claim is in keeping with the group’s efforts in prior years. Specifically, they have focused on Iranian actors during the proxy war waged by Israel against Iran since at least 2019.
The cyberattack on Nobitex comes after a similar breach at Bank Sepah, another Iranian financial institution. Moreover, the pattern of these engagements suggests a coordinated campaign by Predatory Sparrow to disrupt Iran’s funding sources. Adding to the geopolitical chess game, reports indicate that this incoming group might be dovish with respect to Israeli interests.
As tensions escalate, the Iranian state media outlet IRIB reported that Israel has “launched a massive cyber war against [Iran’s] digital infrastructure to disrupt the process of providing services.” Beyond rhetoric, like most cybersecurity conversations, declarations like these miss the point. Both countries are now intensively waging war through missile strikes against one another’s urban centers. This escalation is stoking concern about an even larger regional conflagration.
Following this breach, an archived version of Nobitex’s website from the past week has come to light. This feels similar to the state of the exchange before the break-in. The article inadvertently spotlights the critical need to double down on cybersecurity and approach threats as they rapidly expand and evolve.