Iran has imposed a curfew on crypto exchanges in the wake of a major cyberattack that drained $90m from its largest trading platform, Nobitex.
A pro-Israeli hacking group, Gonjeshke Darande, or Predatory Sparrow, claimed responsibility for the attack, which took place on Wednesday (June 18).
Cybersecurity experts believe the hackers may have transferred the hacked crypto to digital wallets over which they had no control, effectively throwing it away.
Sanctions avoidance
In a post on X, Gonjeshke Darande said the Nobitex exchange was at the heart of the Iranian regime’s efforts to finance terror worldwide, as well as being the regime’s favorite sanctions violation tool.
“Nobitex doesn’t even pretend to abide by sanctions. In fact, it publicly instructs users on how to use its infrastructure to bypass sanctions. The regime's dependence on Nobitex is evident from the fact that working at Nobitex is considered valid military service, as it is considered vital to the regime's efforts.”
The hackers warned, “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”
Nobitex acknowledged the scope and impact of the attack and said as a precautionary measure access to its web and mobile app had been suspended.
At the time of writing, the Nobitex website remains inaccessible, and the exchange anticipates a phased and secure restoration of services will take up to five days.
However, in statements on social media Nobitex insisted that all user funds remained safe.
“The vast majority of assets are stored in cold wallets and were not impacted. The breach was limited to a portion of our hot wallet, which is used for day-to-day liquidity.”
It added: “All potential user losses will be fully covered through our insurance fund and internal reserves. Users will not experience any financial loss.”
Geopolitical consequences
The Gonjeshke Darande hack is the latest and most geopolitically consequential cyberattack on digital assets, and raises questions about crypto-exchanges’ vulnerability to such attacks.
As cybersecurity professionals play a constant game of cat and mouse with hackers, the Nobitex hack could provide a catalyst for tougher oversight of the sector.
Legislators and policymakers around the world may be tempted to reach for regulatory tools to forestall hacks on this scale again, especially where exchanges operate in opaque legal environments.
In addition, the Iran hack highlights the role of digital assets in circumventing financial sanctions. Nobitex played a key part in enabling the Iranian regime to use cryptocurrencies to get around sanctions.
This has long posed a challenge to regulators, which must hold sanctions-busting concerns in tension with the crypto market’s potential to drive economic growth.
Tightening regulation
Earlier this month, Abu Dhabi imposed tougher rules on anyone intending to conduct a regulated activity with new virtual assets in a bid to tame the crypto market, and Singapore strengthened its licensing regime in respect of cryptoassets.
The scale of the hack on Nobitex could be a spur to intensified enforcement of anti-money laundering and counter terrorism financing (AML/CTF) rules of crypto regimes globally.
It comes at the same time that EU states are moving to implement the Markets in Crypto Asset Regulation (MiCA), harmonising rules on standards and risk assessments and also as the Financial Action Taskforce (FATF) Travel Rule is being re-evaluated.
Virtual asset service providers (VASPs) are likely to come under increased pressure to bolster their AML/CTF procedures to avoid the kind of hack Iran suffered.