Beyond the stolen millions, the violation exposed a deeper truth: the cryptocurrency of Iran is less a market than an extension of state power. The filtered code shows incorporated surveillance, protected VIP and miners mobilized in crisis.
In report Shared with Crypto.News on July 17, TRM Labs revealed how computer pirates linked to Israel known as a predatory sparrow were infiltrated Nobitex on June 18, diverting $ 90 million in a politically loaded cyberactio.
But the violation did more than drainage funds; He put the hidden control of Bare Tehran on the exchange, from surveillance tools without a court order to a preferential treatment for users linked to the regime.
The consequences have been severe. Nobitex, the largest cryptographic platform in Iran, saw 150% output exits when users fled ahead of Israeli missile attacks. After the footprint, the volumes of transactions were raised by 70%, exposing a crisis of trust.
Meanwhile, the filtered source code confirmed what many suspected: the exchange was designed to serve the state, with rear doors for monitoring and VIP lanes for elites. For Iran, it seems that Crypto was always controlled that financial freedom.
How the Hack Nobitex presented the surveillance state of Iran
The filtered source code of Nobitex’s violation is read as a plan for financial authoritarianism. Buried in the technical documentation were the modules explicitly designed to provide Iranian security agencies without restrictions on user transactions while hiding exceptions for politically connected elites.
According to the TRM Labs analysis, the exchange systems included “permissions encoded with coding granted entities aligned by the State Monitoring capabilities without order”, while the VIP accounts entrusted through a separate infrastructure whose code “had modules to generate stealthy directions, obfusca transactions and evade surveillance”, all designed to avoid scrutiny.
This two -level architecture allowed government agencies to monitor transactions without legal supervision and at the same time protecting elite users. The choice of design, now public, immediately undermines any claim of decentralization or financial neutrality.
TRM analysts pointed out that Nobitex’s internal APIs enruted high -value or politically connected transactions through the separate logic of fraud verification, without completely passing traditional compliance protocols.
The hack also triggered an unexpected crisis response from Tehran. Within 72 hours after attack, long -term Bitcoin wallets linked to Iran’s mining operations began to move funds, channeling more than $ 27 million in the new Hot Nobitex wallets.
These mining operations, concentrated in industrial parks backed by the State near the hydroelectric dams, have become criticism for the Iran Evasion Play Book of Iran. By converting subsidized energy into bitcoin, the regime generates hard currency while darkening the sources of income.
The Nobitex incident showed how quickly these assets can be mobilized, with intact mining rewards since 2021 suddenly liquidated to stabilize the exchange.
However, real damage can be irreversible. The 70% collapse in Nobitex deposits suggests that common Iranians vote with their wallets, fleeing an exchange now openly exposed as a state arm.
By aggravating distrust, Tehran imposed prohibitions of night negotiation a few days after hack, which caused the USDT premiums to increase 40% in pairs markets. What began as a cyber attack has metastasis in a crisis of full -fledged trust, one that undermines Iran’s crypto narrative as a reliable alternative to the dollar.
