Nobitex hackers leak full source code after $100m crypto heist

The cyberattack on Iranian crypto exchange Nobitex has gone from bad to worse, as hackers deliver yet another major blow.

Gonjeshke Darande, the hacker group behind the breach on the Nobitex exchange, took to Twitter on Thursday to leak what they claim is the exchange’s full source code.

“Time’s up — full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,” the hackers wrote. In the following eight-part thread, the group leaked sensitive information about the exchange’s infrastructure, including server layouts, privacy tools, deployment systems, and more.

The move, which further jeopardizes what’s left of user assets, comes as the exchange continues to reel from the recent breach of its hot wallets, with total losses now reaching $100 million in assorted crypto assets.

Prior to leaking the security details, the group, also known by the pseudonym “Predatory Sparrow,” claimed it had burned up to $90 million of the stolen funds across multiple chains. According to the hackers, they used “vanity addresses” that lack recoverable private keys, rendering the assets permanently inaccessible.

Nobitex acknowledged earlier the same day that its internal investigation revealed the scope and impact of the attack to be more complex than initially estimated. The exchange also noted that its response efforts have been limited due to broader national tensions stemming from the ongoing Israel–Iran conflict.

Widely regarded as a central pillar of Iran’s crypto economy, Nobitex was explicitly targeted by the group as part of what it described as retaliation for the conflict. Gonjeshke Darande has, on several occasions, referred to the exchange as the country’s “favorite sanctions violations tool.”

In response to the crisis, Iran has imposed a curfew on domestic cryptocurrency exchanges, restricting their operating hours between 10 a.m. and 8 p.m.