Iran’s Nobitex Starts Recovery Efforts After $90M Exploit

Iran’s largest crypto exchange, Nobitex, has begun restoring user access to wallets after suffering a major cyberattack that drained over $90m in assets earlier this month.

In a statement issued Sunday, the Tehran-based platform said that wallet access was being reactivated in phases, beginning with verified users and spot wallets.

Other wallet types will follow, contingent on the completion of identity checks. Nobitex urged users to complete verification promptly and noted that wallet balances would become visible once all security and data accuracy checks were finalized.

“We are working to resume withdrawal, deposit, and trading services for verified users with minimal delay,” the company said. It warned that the timeline may shift depending on technical conditions and additional security requirements.

Users Risk Losing Funds if Deposits Are Sent to Outdated Wallets, Nobitex Says

The company also advised users not to deposit funds to previously issued wallet addresses, which are now invalid due to a full system migration.

Any transfers to the old addresses could result in permanent fund loss. Users relying on automated systems such as mining rigs or saved withdrawal configurations were told to update their details or wait for new personal addresses to be issued.

The platform’s gradual reboot follows a highly disruptive breach earlier this month. The cyberattack prompted Iran’s central bank to intervene.

Authorities React to Hack With Curbs on Operating Hours for Domestic Exchanges

Authorities have since ordered all domestic crypto exchanges to limit operations between 10am and 8pm. This measure aims to strengthen security and reduce the risk of after-hours attacks.

Meanwhile, the pro-Israel hacking group Predatory Sparrow, also known as Gonjeshke Darande, claimed responsibility for the breach. The incident marks yet another escalation in cyberwarfare involving state-linked actors in the region.

Nobitex handles the bulk of Iran’s crypto trades. It plays a key role in the country’s expanding digital asset ecosystem.

However, the recent breach has shaken user confidence. It has also raised concerns about the strength of Iran’s broader financial infrastructure, especially as cyber threats grow more sophisticated.