Iran's Nobitex Exchange Begins Recovery Following $90M Cyberattack

Iran's dominant cryptocurrency exchange, Nobitex, has commenced a systematic recovery process after experiencing a catastrophic cyberattack that resulted in over $90 million in drained assets earlier this month. The Tehran-headquartered platform announced Sunday that it was implementing a phased approach to restore user access, prioritizing verified accounts and spot wallets in the initial recovery stages.

The exchange outlined a structured restoration timeline, with additional wallet categories becoming accessible as comprehensive identity verification procedures are completed. Nobitex emphasized the critical importance of users completing verification processes promptly, noting that wallet balances would only become visible after rigorous security protocols and data accuracy assessments were finalized.

"We are working diligently to resume withdrawal, deposit, and trading services for verified users with minimal delay," the company stated. However, management cautioned that recovery timelines remain fluid, subject to evolving technical conditions and enhanced security requirements implemented following the breach.

Critical Wallet Migration Warnings

Nobitex issued urgent warnings regarding a complete system migration that has rendered all previously issued wallet addresses invalid. The exchange stressed that users must avoid depositing funds to outdated wallet addresses, as such transfers could result in irreversible fund loss. This warning particularly affects users operating automated systems, including cryptocurrency mining operations and saved withdrawal configurations.

The platform advised users to either update their automated systems immediately or await the issuance of new personalized wallet addresses to prevent accidental fund transfers to compromised or obsolete addresses. This migration represents a fundamental infrastructure overhaul designed to enhance security measures following the devastating breach.

Regulatory Response and Operational Restrictions

The cyberattack prompted immediate intervention from Iran's central banking authorities, who implemented stringent operational restrictions across the domestic cryptocurrency exchange sector. Regulators have mandated that all Iranian crypto trading platforms limit operations to a 10-hour window between 10am and 8pm, aiming to strengthen security oversight and minimize vulnerability to after-hours attacks.

The pro-Israel hacking collective Predatory Sparrow, also operating under the alias Gonjeshke Darande, has claimed responsibility for the sophisticated breach. This incident represents a significant escalation in regional cyberwarfare activities involving state-linked actors and highlights the growing intersection between geopolitical tensions and cryptocurrency infrastructure targeting.

Market Impact and Infrastructure Concerns

As Iran's primary cryptocurrency trading venue, Nobitex processes the majority of the country's digital asset transactions and serves as a cornerstone of Iran's expanding cryptocurrency ecosystem. The exchange's compromised status has significantly disrupted local trading activities and raised substantial concerns about user confidence in domestic platforms.

The breach has exposed potential vulnerabilities within Iran's broader financial technology infrastructure, particularly as cybersecurity threats become increasingly sophisticated and targeted. Market analysts suggest that the incident may accelerate regulatory discussions regarding enhanced security standards and operational protocols for cryptocurrency exchanges operating within Iranian jurisdiction.