Iran’s central bank has reportedly ordered all domestic crypto exchanges to restrict their operating hours, following a cyberattack that drained over $90m from the country’s largest crypto trading platform. The new rule, which limits trading to between 10am and 8pm, appears to be a direct response to the hack on Nobitex , the Tehran-based exchange that processes the bulk of Iran’s crypto transactions. This move is aimed at tightening oversight and reducing the likelihood of future incidents, especially during off-hours when cybersecurity response times are slower. The pro-Israel hacking group Gonjeshke Darande, or Predatory Sparrow, claimed responsibility for the breach. In an X post, the group said it had infiltrated Nobitex’s infrastructure and promised to release its source code and internal data. A day earlier, the same group said it had targeted state-owned Bank Sepah. 🚨⚠️ Iranian crypto exchange Nobitex hacked for over $90 million by pro-Israel group This morning, Nobitex — Iran’s largest cryptocurrency exchange — suffered a significant hack. Elliptic has identified over $90 million in cryptoassets moved from Nobitex wallets to addresses… pic.twitter.com/or2bdcELuU — Elliptic (@elliptic) June 18, 2025 Experts See Political Message in Nobitex Hack Cybersecurity firms say the stolen funds were not moved for profit. Instead, the attackers “burned” the crypto by sending it to wallet addresses with no known private keys, effectively destroying the assets. Several of those wallet addresses included slurs against Iran’s Revolutionary Guard Corps. Analysts say this suggests the hack was politically motivated, not financially. Blockchain analytics firm Elliptic confirmed that more than $90m had been siphoned from Nobitex and traced to these burner wallets. Chainalysis added that the incident fits a pattern of cyberattacks coinciding with spikes in tensions between Israel and Iran. Hack Spurs Iran to Clamp Down on Crypto Sector Key to Bypassing Sanctions Predatory Sparrow has launched similar cyber operations against Iranian infrastructure in the past. Israeli media widely believe the group is linked to Israel’s military or intelligence agencies. However, there has been no official confirmation of its affiliations. The fallout from the hack has cast a spotlight on Iran’s dependence on crypto as a tool to skirt international sanctions. Exchanges like Nobitex let users trade outside the global banking system. As a result, they have become essential for countries facing sanctions. However, this also makes them highly vulnerable in today’s tense geopolitical climate. By limiting crypto trading to daytime hours, Iranian authorities aim to tighten control over the sector. This sector has become increasingly vital to the country’s financial survival. However, the curfew is unlikely to fully prevent future cyberattacks. Still, it signals a growing sense of urgency as Tehran scrambles to protect its fragile digital economy.Iran’s central bank has reportedly ordered all domestic crypto exchanges to restrict their operating hours, following a cyberattack that drained over $90m from the country’s largest crypto trading platform. The new rule, which limits trading to between 10am and 8pm, appears to be a direct response to the hack on Nobitex , the Tehran-based exchange that processes the bulk of Iran’s crypto transactions. This move is aimed at tightening oversight and reducing the likelihood of future incidents, especially during off-hours when cybersecurity response times are slower. The pro-Israel hacking group Gonjeshke Darande, or Predatory Sparrow, claimed responsibility for the breach. In an X post, the group said it had infiltrated Nobitex’s infrastructure and promised to release its source code and internal data. A day earlier, the same group said it had targeted state-owned Bank Sepah. 🚨⚠️ Iranian crypto exchange Nobitex hacked for over $90 million by pro-Israel group This morning, Nobitex — Iran’s largest cryptocurrency exchange — suffered a significant hack. Elliptic has identified over $90 million in cryptoassets moved from Nobitex wallets to addresses… pic.twitter.com/or2bdcELuU — Elliptic (@elliptic) June 18, 2025 Experts See Political Message in Nobitex Hack Cybersecurity firms say the stolen funds were not moved for profit. Instead, the attackers “burned” the crypto by sending it to wallet addresses with no known private keys, effectively destroying the assets. Several of those wallet addresses included slurs against Iran’s Revolutionary Guard Corps. Analysts say this suggests the hack was politically motivated, not financially. Blockchain analytics firm Elliptic confirmed that more than $90m had been siphoned from Nobitex and traced to these burner wallets. Chainalysis added that the incident fits a pattern of cyberattacks coinciding with spikes in tensions between Israel and Iran. Hack Spurs Iran to Clamp Down on Crypto Sector Key to Bypassing Sanctions Predatory Sparrow has launched similar cyber operations against Iranian infrastructure in the past. Israeli media widely believe the group is linked to Israel’s military or intelligence agencies. However, there has been no official confirmation of its affiliations. The fallout from the hack has cast a spotlight on Iran’s dependence on crypto as a tool to skirt international sanctions. Exchanges like Nobitex let users trade outside the global banking system. As a result, they have become essential for countries facing sanctions. However, this also makes them highly vulnerable in today’s tense geopolitical climate. By limiting crypto trading to daytime hours, Iranian authorities aim to tighten control over the sector. This sector has become increasingly vital to the country’s financial survival. However, the curfew is unlikely to fully prevent future cyberattacks. Still, it signals a growing sense of urgency as Tehran scrambles to protect its fragile digital economy.