The pro-Israel hacker collective Gonjeshke Darande released the full source code of Iranian crypto exchange Nobitex, just a day after orchestrating a $100 million exploit across multiple blockchains as the war between the two countries nears the end of its first week.
The move raised fresh concerns for users who have not yet withdrawn their assets from the platform because the code makes it extremely easy for nefarious actors to access and exploit.
Israel attacked military and nuclear sites in Iran on Friday saying it had to take action to prevent its enemy, which has vowed to wipe the Jewish state off the map, attaining nuclear weapons. Iran responded with ballistic missile launches targeting the entire country, sending millions into shelters at short notice.
In an X post on Thursday, the hacker group, whose name is Farsi for Predatory Sparrow, wrote: “Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.”
The leak included blockchain scripts, internal privacy settings and a list of servers, effectively dismantling the exchange’s back-end security.
The source code dump follows through on threats issued a day earlier, when Gonjeshke Darande claimed responsibility for the hack and promised to release internal data.
The group accused Nobitex of aiding Iran in circumventing international sanctions and called the platform the “regime’s favorite sanctions violation tool.”
Over $90 million in tokens from Bitcoin, EVM, Ripple, Dogecoin, Solana and other networks were deliberately sent to burner addresses, making recovery unlikely.
Blockchain data shows that funds were moved to provocatively named wallets, such as “1FuckiRGCTerroristsNoBiTEXXXaAovLX” and “DFuckiRGCTerroristsNoBiTEXXXWLW65t,” suggesting the use of brute-force-generated vanity addresses that the attackers do not hold private keys for. The IRCG, or Islamic Revolutionary Guard Corps, is an powerful and influential branch of the Iranian military.
Nobitex responded on Thursday, stating that no additional losses occurred after the leak and that it plans to begin restoring services within five days, although ongoing internet disruptions in Iran may delay the recovery.