Iran's largest cryptocurrency exchange Nobitex has suffered a cyberattack resulting in losses exceeding $81.7mn, with the hacker group Predatory Sparrow claiming responsibility, multiple blockchain security sources reported on June 18.

The breach targeted Nobitex's hot wallets and notification infrastructure, with blockchain investigator ZachXBT identifying suspicious outflows across multiple networks including Tron, Bitcoin, Dogecoin and Ethereum Virtual Machine-compatible blockchains.

Attackers utilised customised vanity wallet addresses during the exploit for the initial $49mn theft and for subsequent transactions.

The hacker group Gonjeshke Darande, also known as Predatory Sparrow, publicly claimed responsibility through social media posts, accusing Nobitex of facilitating sanctions evasion and terrorism financing for the Iranian regime.

The group threatened to release Nobitex's source code and internal network information within 24 hours, warning users that remaining assets would be at risk.

Nobitex confirmed the security incident, stating that unauthorised access was detected in hot wallet infrastructure and notification systems, prompting the immediate suspension of all platform operations.

The exchange assured users that cold wallet assets remain secure and pledged full compensation for losses through its insurance fund and internal resources.

The attack follows a previous cyberattack on Iran's state-owned Bank Sepah, also claimed by Predatory Sparrow, which targeted the institution controlled by the Islamic Revolutionary Guard Corps.

The breach occurs amid escalating tensions between Israel and Iran, with the attack coinciding with renewed conflict following Iranian missile retaliation against Israeli military strikes.

Predatory Sparrow, widely believed to have ties to intelligence services, has previously conducted cyber operations targeting Iranian institutions including fuel distribution networks.

"The Nobitex exchange is at the heart of the regime's efforts to finance terror worldwide, as well as being the regime's favourite sanctions violation tool," the group stated in its social media announcement.

Nobitex's website and mobile applications remain offline whilst security teams investigate the full extent of the compromise.