DLTA Security Intelligence

Incident Report: CoinDCX Faces $44.2M Theft Due to Advanced Exploit

CoinDCX, an Indian cryptocurrency exchange, was compromised, with research suggesting a theft of around $44.2 million in USDC and USDT from an internal wallet on July 18, 2025.

Key Points

  • It seems likely that CoinDCX, an Indian cryptocurrency exchange, was compromised, with research suggesting a theft of around $44.2 million in USDC and USDT from an internal wallet on July 18, 2025.

  • The evidence leans toward the attack involving a sophisticated server breach, with funds moved across blockchains, including to Ethereum.

  • There is uncertainty around the exact technical details, but the incident appears to be the work of financially motivated cybercriminals.

Incident Overview

On July 18, 2025, CoinDCX, a major Indian crypto exchange, likely experienced a security breach, with reports indicating a loss of approximately $44.2 million in stablecoins (USDC and USDT) from an internal operational wallet on the Solana blockchain. The exchange confirmed the breach, stating that customer funds remain safe and the loss will be covered from their treasury reserves.

Technical Details

The attack seems to have involved a "sophisticated server breach," allowing hackers to access the wallet used for liquidity provisioning with a partner exchange. The stolen funds were transferred to an attacker-controlled wallet, and $15.8 million of them was then bridged to Ethereum. Key wallet addresses include:

  • Solana: 6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n

  • Ethereum: 0xEF0c5b9e0E9643937D75C229648158584A8CD8D2

The attackers funded the hack with 1 ETH from Tornado Cash, a privacy tool, suggesting an attempt to obscure the fund trail.

Impact and Response

The financial impact is significant at $44.2 million, but CoinDCX has assured users that their funds are unaffected. This incident may erode trust in Indian crypto exchanges, especially following a similar hack on WazirX a year ago, potentially leading to increased regulatory scrutiny.

For more details, see the initial report by CyversAlerts (CyversAlerts X Post) and CoinDCX's confirmation (Sumit Gupta X Post).

Comprehensive Analysis of the CoinDCX Compromise

This detailed analysis provides a thorough examination of the recent security breach involving CoinDCX, an Indian centralized cryptocurrency exchange, based on available information as of 7:41 PM BST on July 19, 2025. The report follows a structured approach, integrating verified data, contextual information, and actionable intelligence to support security professionals and the broader cryptocurrency community.

Executive Summary

On July 18, 2025, CoinDCX suffered a significant security breach, with an estimated $44.2 million in USDC and USDT stolen from an internal operational wallet on the Solana blockchain. The incident was first publicly reported by blockchain security firm CyversAlerts and on-chain investigator ZachXBT, with CoinDCX confirming the breach later that day. The attackers utilized Tornado Cash to fund the attack and bridged a portion of the stolen funds ($15.8 million) to the Ethereum blockchain, indicating a sophisticated attempt to launder the assets. CoinDCX has assured that customer funds remain unaffected and will absorb the loss from their treasury reserves. This report assesses the technical details, threat actor capabilities, and strategic implications, offering recommendations for immediate and long-term mitigation.

Incident Overview

  • Date of Discovery: July 18, 2025, with the breach detected approximately 20 hours prior to CyversAlerts' post at 17:38 UTC on July 19, 2025, placing the incident around 21:38 UTC on July 18, 2025.

  • Affected Entities: CoinDCX, a leading Indian cryptocurrency exchange.

  • Estimated Impact: $44.2 million in USDC and USDT, with $15.8 million bridged to Ethereum.

  • Threat Classification: Classified as cybercriminal activity, given the financial motivation and use of laundering techniques.

  • Confidence Level: High, supported by multiple sources including on-chain data, investigator reports, and official statements from CoinDCX.

Technical Analysis

The breach involved a "sophisticated server breach," as described by CoinDCX CEO Sumit Gupta, targeting an internal operational wallet used for liquidity provisioning with an unnamed partner exchange. This wallet was not publicly tagged or included in proof-of-reserve reports, necessitating manual attribution by investigators.

Attack Vector and Methodology

The attack likely exploited vulnerabilities in CoinDCX's server infrastructure, gaining unauthorized access to the operational wallet's private keys or credentials. The attackers then executed transactions to transfer the stolen funds to their controlled wallets. The use of Tornado Cash for funding (1 ETH) and cross-chain bridges to move funds from Solana to Ethereum suggests a coordinated strategy to obscure the fund trail and complicate recovery efforts.

Technical Indicators of Compromise (IOCs)

The following IOCs have been identified:

  • Wallet Addresses:

    • Solana Attacker Address: 6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n

    • Ethereum Address (bridged funds): 0xEF0c5b9e0E9643937D75C229648158584A8CD8D2

  • Contract Addresses: Not applicable, as the breach involved wallet compromise rather than smart contract exploitation.

  • Transaction Hashes: Specific hashes were not publicly disclosed in the available data, but large transfers around July 18-19, 2025, can be further investigated on blockchain explorers.

  • Malware/Tools: Tornado Cash, a privacy mixer, was used to fund the attack, indicating the attacker's intent to anonymize transactions.

  • Other Technical Indicators: Cross-chain bridging of funds from Solana to Ethereum, with a notable transfer of 4,443 ETH ($15.8 million) to the Ethereum address on July 19, 2025, at 8:49:23 UTC.

MITRE ATT&CK Mapping

Mapping the observed tactics, techniques, and procedures to the MITRE ATT&CK framework:

  • Initial Access: T1190 - Exploit Public-Facing Application (speculative, based on server breach).

  • Execution: T1059 - Command and Scripting Interpreter (possible, for executing wallet transfer commands).

  • Credential Access: T1552 - Unsecured Credentials (likely, if private keys were stolen).

  • Exfiltration: T1048 - Exfiltration Over Alternative Protocol (transferring funds to attacker wallets via blockchain).

  • Impact: T1496 - Resource Hijacking (stealing cryptocurrency for financial gain).

This mapping is based on available information and may require refinement with additional technical details.

Threat Actor Analysis

Attribution Assessment

At this stage, there is no specific attribution to a known threat actor group. The use of Tornado Cash and cross-chain bridges aligns with tactics employed by financially motivated cybercriminals, potentially including lone wolves or organized cybercrime groups. The lack of public attribution and the sophistication of the attack suggest a high level of operational security by the threat actor, with a confidence level of "Possible" (40-69%) for cybercriminal involvement.

Capability Assessment

The threat actor demonstrated moderate to high technical capabilities, including:

  • Ability to breach server infrastructure, suggesting knowledge of vulnerability exploitation or social engineering.

  • Proficiency in cryptocurrency laundering techniques, such as using Tornado Cash and cross-chain bridges.

  • Coordination across multiple blockchains (Solana and Ethereum), indicating familiarity with decentralized finance (DeFi) ecosystems.

Intent Analysis

The primary intent appears to be financial gain, as evidenced by the theft of $44.2 million in stablecoins, which are easily convertible to fiat currency or other assets. The use of privacy tools and laundering methods further supports this motivation.

Diamond Model Analysis

  • Adversary: Unknown threat actor, likely financially motivated cybercriminals.

  • Capability: Server breach, wallet compromise, use of Tornado Cash, and cross-chain bridging.

  • Infrastructure: Tornado Cash, Solana and Ethereum blockchains, attacker-controlled wallets.

  • Victim: CoinDCX, specifically their internal operational wallet used for liquidity provisioning.

Impact Assessment

Immediate Financial Impact

The direct financial loss to CoinDCX is $44.2 million, with the stolen assets comprising USDC and USDT. CoinDCX has stated that the loss will be absorbed from their treasury reserves, and customer funds remain unaffected, as the compromised wallet was not user-facing. Market reactions may include temporary volatility in CoinDCX's trading pairs, but specific impacts on token prices were not detailed in available reports.

Ecosystem Impact

This incident occurs against the backdrop of a previous major hack on WazirX, another Indian exchange, on July 18, 2024, for $230 million, potentially exacerbating concerns about the security of centralized exchanges in India. The breach may lead to:

  • Reduced trust among users, prompting withdrawals or migration to other platforms.

  • Increased regulatory attention, with potential calls for stricter compliance and security standards.

  • Broader market sentiment shifts, affecting the perception of Indian crypto exchanges globally.

Strategic Implications

The CoinDCX hack underscores the ongoing risks associated with centralized exchanges, particularly the vulnerability of hot wallets and server infrastructure. It may prompt:

  • Industry-wide adoption of enhanced security measures, such as multi-signature wallets and cold storage for operational funds.

  • Regulatory responses, including mandatory security audits and disclosure requirements for exchanges.

  • Long-term shifts toward decentralized finance (DeFi) platforms, perceived as less vulnerable to single points of failure.

Recommendations

Immediate Actions

  • CoinDCX should conduct a thorough forensic investigation in collaboration with cybersecurity partners to identify the root cause of the server breach and implement patches or mitigations.

  • Work with law enforcement and other exchanges to track and potentially recover the stolen funds, leveraging blockchain analytics tools.

  • Communicate transparently with users and the community, providing regular updates on the investigation and recovery efforts to maintain trust.

Strategic Recommendations

  • Implement multi-signature wallets or hardware security modules (HSMs) for operational wallets to enhance security and require multiple approvals for transactions.

  • Regularly audit server infrastructure and wallet management practices, including penetration testing and access control reviews.

  • Segregate operational funds, using cold storage for large balances not required for immediate liquidity, reducing exposure to hot wallet risks.

Industry-Wide Considerations

  • Exchanges should prioritize security by establishing industry standards for wallet management, including regular security audits and proof-of-reserve verifications.

  • Foster collaboration through information sharing platforms to disseminate threat intelligence and lessons learned from incidents like the CoinDCX hack.

  • Encourage the adoption of decentralized security models, such as multi-party computation (MPC) wallets, to mitigate risks associated with centralized control.

Appendices

Timeline of Events

  • July 18, 2025, ~21:38 UTC: Hack occurs, with funds stolen from CoinDCX's internal operational wallet on Solana.

  • July 19, 2025, 17:38 UTC: CyversAlerts posts about the hack on X, citing investigations by ZachXBT: CyversAlerts X Post.

  • July 19, 2025, later: CoinDCX CEO Sumit Gupta confirms the breach via X, stating customer funds are safe: Sumit Gupta X Post.

Technical Deep Dive

The technical analysis reveals a server breach targeting CoinDCX's operational wallet, with the attacker leveraging Tornado Cash for funding and bridging funds to Ethereum. The Solana address 6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n received the initial stolen funds, while the Ethereum address 0xEF0c5b9e0E9643937D75C229648158584A8CD8D2 received 4,443 ETH ($15.8 million) on July 19, 2025, at 8:49:23 UTC, likely via a cross-chain bridge. Further analysis of transaction flows on blockchain explorers (e.g., Solana Explorer, Etherscan) could reveal additional details, but specific transaction hashes were not publicly available at the time of reporting.

BigONE's $27M Loss Highlights the Growing Threat of Supply Chain Attacks

BigONE, a cryptocurrency exchange, was hacked on July 16, 2025, with losses estimated at $27 million due to a supply chain attack.

Key Points

- BigONE, a cryptocurrency exchange, was hacked on July 16, 2025, with losses estimated at $27 million due to a supply chain attack.

- Research suggests the attackers compromised the exchange's production network, likely through its Continuous Integration/Continuous Delivery (CI/CD) pipelines or server management, enabling unauthorized withdrawals.

- The evidence leans toward the stolen assets, including Bitcoin, Ethereum, and others, being traced to specific wallet addresses, with BigONE committing to cover all losses.

- There is some controversy around BigONE's past associations with scam activities, which may influence public perception of the incident.

Incident Overview

On July 16, 2025, BigONE, a Singapore-based cryptocurrency exchange, confirmed a security breach resulting in the theft of approximately $27 million in digital assets. The attack targeted the exchange's hot wallet infrastructure through a sophisticated supply chain compromise, allowing hackers to bypass security without accessing private keys. BigONE has pledged to cover all losses, using internal reserves and external borrowing to ensure user funds remain safe.

Technical Details

The attack likely involved exploiting vulnerabilities in BigONE's CI/CD pipelines or server management channels, deploying malicious binaries to account-operation servers. This enabled the attackers to modify business logic and disable risk-control checks, facilitating unauthorized withdrawals across multiple blockchains like Bitcoin, Ethereum, Solana, and Tron.

Impact and Response

The immediate financial impact is significant, with stolen assets including 120 BTC, 350 ETH, and millions of USDT. BigONE is working with security firms like SlowMist and Cyvers to trace the funds and has temporarily suspended withdrawals while enhancing security measures. This incident highlights ongoing risks in the crypto industry, potentially affecting trust in centralized exchanges.

Comprehensive Analysis of the BigONE Exchange Hack - July 16, 2025

Introduction

On July 16, 2025, at 09:48 AM BST, BigONE, a prominent cryptocurrency exchange based in Singapore, confirmed a major security breach, marking another significant incident in the crypto industry's ongoing battle with cyber threats. This report provides a detailed examination of the hack, leveraging insights from various sources to offer a comprehensive understanding of the event, its technical underpinnings, and its broader implications. The analysis aims to inform security professionals, industry stakeholders, and the public, emphasizing the need for robust security practices in the rapidly evolving digital asset ecosystem.

Incident Background

The hack, first detected by BigONE's real-time monitoring system on the morning of July 16, 2025, resulted in the unauthorized draining of approximately $27 million in digital assets. Initial reports from blockchain security firms like SlowMist and Cyvers, as well as on-chain trackers like Lookonchain, confirmed the scale of the breach, with stolen assets spanning multiple blockchains, including Bitcoin (BTC), Ethereum (ETH), Tron (TRX), Solana (SOL), and various stablecoins and altcoins.

BigONE's official statement, cited in multiple news outlets, assured users that all private keys remained secure and that the exchange would fully bear all losses. The company activated its internal security reserves, comprising BTC, ETH, USDT and SOL, and secured external liquidity through borrowing mechanisms to restore affected user funds. Deposits and trading were expected to resume shortly, with withdrawals delayed until further security upgrades were implemented.

Technical Analysis

The attack vector was identified as a supply chain compromise, a hard-to-detect and increasingly common tactic in intrusions across most industries.

The attack sequence, as detailed by Cyvers, began with the unauthorized draining of 350 ETH, valued at approximately $1.1 million, followed by expanded withdrawals across multiple blockchains. The stolen funds were consolidated into a single external address and subsequently converted to WETH/ETH, routed through fresh intermediaries for mixing or decentralized exchange activity to obscure their trail.

Technical indicators of compromise (IOCs) include the following wallet addresses, identified by security firms and on-chain trackers:

Wallet Addresses

| Chain | Address |
| --- | --- |
| Ethereum & BSC | 0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a |
| Solana | HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R |
| Bitcoin | bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm |

Threat Actor Analysis

The attack currently has no apparent attribution. The sophistication, involving supply chain compromise and server manipulation, suggests a well-resourced and technically adept group.

The threat actor's capabilities include:

- Compromising supply chain elements, such as CI/CD pipelines or third-party server management services.

- Deploying malicious binaries to production servers, indicating access to advanced malware development tools.

- Modifying business logic to bypass security controls, demonstrating deep understanding of exchange infrastructure.

- Executing large-scale withdrawals and laundering stolen funds through mixing services and decentralized exchanges, showcasing expertise in cryptocurrency operations.

The intent analysis points to financial gain as the primary objective, with no indications of ideological or nation-state motivations. The Diamond Model analysis further contextualizes the incident:

- Adversary: Cybercriminal group with advanced technical capabilities.

- Capability: Supply chain compromise, malware deployment, server manipulation, cryptocurrency laundering.

- Infrastructure: Compromised CI/CD pipelines, production servers, blockchain networks (Ethereum, Bitcoin, Solana, Tron, etc.).

- Victim: BigONE Exchange, its users, and the broader cryptocurrency ecosystem.

Impact Assessment

The immediate financial impact is the loss of $27 million in digital assets, affecting a wide range of tokens and potentially impacting market sentiment. BigONE's commitment to covering all losses mitigates direct user financial impact, but the incident erodes trust in centralized exchanges, potentially driving users towards decentralized alternatives or increasing regulatory scrutiny.

The ecosystem impact is significant, with the crypto industry already facing $2.47 billion in losses due to hacks, scams, and exploits in the first half of 2025, a 3% increase from $2.4 billion in 2024.

Recommendations

To address the immediate threat, BigONE and similar exchanges should:

1. Strengthen CI/CD Pipelines: Implement strict access controls, continuous monitoring, and automated validation of code and dependencies to prevent supply chain attacks.

2. Enhance Network Segmentation: Isolate build and wallet-management servers to limit lateral movement in case of a breach.

3. Implement Continuous Monitoring: Deploy on-chain and off-chain monitoring tools, such as those offered by SlowMist and Cyvers, to detect unusual transaction patterns and server behavior.

4. Automated Incident Response: Utilize automated systems to quickly respond to and contain security incidents, reducing the window of opportunity for attackers.
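The first recommendation above, automated validation of what the pipeline produces before it reaches account-operation servers, can be enforced with a deploy gate that refuses any build whose files do not match the digests pinned at build time. The following is an added example, not BigONE's or any security firm's tooling: the file names, contents and manifest format are constructed placeholders, and it assumes the manifest is produced by the build system and delivered to the gate over a trusted channel (in practice it would also be signed, which is omitted here).

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_release(manifest: dict, artifact_dir: Path) -> list:
    """Compare the build output against the pinned manifest.

    Returns a list of (problem, relative_path). An empty list is the only
    result that should let the deploy proceed: a changed binary, a missing
    one, or an extra file the build was not supposed to produce all block it.
    """
    artifact_dir = Path(artifact_dir)
    expected = manifest["artifacts"]
    present = {
        p.relative_to(artifact_dir).as_posix()
        for p in artifact_dir.rglob("*") if p.is_file()
    }
    problems = []
    for rel, digest in expected.items():
        if rel not in present:
            problems.append(("missing", rel))
        elif sha256_file(artifact_dir / rel) != digest:
            problems.append(("digest-mismatch", rel))
    for rel in sorted(present - expected.keys()):
        problems.append(("unexpected", rel))
    return problems


def build_manifest(artifact_dir: Path, files) -> dict:
    """What the build system would record (and, in practice, sign) at build time."""
    artifact_dir = Path(artifact_dir)
    return {"artifacts": {rel: sha256_file(artifact_dir / rel) for rel in files}}


def run_demo():
    """Constructed build tree: file names and contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        build = Path(tmp)
        (build / "account-service").write_bytes(b"constructed account-service build")
        (build / "risk-control.so").write_bytes(b"constructed risk-control module")
        manifest = build_manifest(build, ["account-service", "risk-control.so"])
        manifest_json = json.dumps(manifest)  # what travels from the build system to the deploy gate

        clean = verify_release(json.loads(manifest_json), build)

        # Simulate a compromised pipeline replacing the risk-control module
        # and dropping an extra binary into the release directory.
        (build / "risk-control.so").write_bytes(b"constructed module with checks disabled")
        (build / "helper").write_bytes(b"constructed dropped binary")
        tampered = verify_release(json.loads(manifest_json), build)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = run_demo()
    print("clean build:", clean)
    print("tampered build:", tampered)
```

The gate treats an unexpected extra file as a failure, not just a changed one, because a dropped helper binary is as much a sign of pipeline tampering as a modified module; the check belongs on the deploy side, separate from the build runner that may itself be compromised.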

Strategically, exchanges should:

1. Adopt Multi-Signature Wallets: Require multiple approvals for hot wallet transactions to enhance security.

2. Regular Security Audits: Conduct frequent audits and penetration testing to identify and remediate vulnerabilities.

3. Employee Training: Educate staff on security best practices, particularly regarding supply chain security and social engineering risks.

4. Incident Response Plan: Develop and regularly update a comprehensive incident response plan to ensure swift and effective action during breaches.
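Both this list ("Adopt Multi-Signature Wallets") and the CoinDCX report's strategic recommendations (multi-signature wallets or HSMs requiring multiple approvals) come down to the same control: the signing step must enforce its own policy, so that a compromised application server, like the account-operation servers in this incident whose risk-control checks were disabled, can request a signature but cannot switch the checks off. The following added example, which is not code from either exchange, sketches such a signing-side policy with threshold approvals, a destination allowlist, a per-transaction cap and a rolling-window cap; the approver names, limits, destinations and request values are constructed placeholders.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class WithdrawalRequest:
    request_id: str
    asset: str
    amount_usd: int          # whole US dollars, valued at request time
    destination: str
    requested_at: datetime


class SigningPolicy:
    """Controls a signing service applies before it releases a signature.

    They live here rather than in the exchange's application servers so
    that a tampered account-operation server can only ask for a signature;
    it cannot disable the checks.
    """

    def __init__(self, approvers, required_approvals, per_tx_limit_usd,
                 window_limit_usd, window, destination_allowlist):
        self.approvers = frozenset(approvers)
        self.required_approvals = required_approvals
        self.per_tx_limit_usd = per_tx_limit_usd
        self.window_limit_usd = window_limit_usd
        self.window = window
        self.destination_allowlist = frozenset(destination_allowlist)
        self._signed = deque()  # (requested_at, amount_usd) of withdrawals already signed

    def _window_total(self, now: datetime) -> int:
        """Sum of signed withdrawals inside the rolling window ending at `now`."""
        cutoff = now - self.window
        while self._signed and self._signed[0][0] < cutoff:
            self._signed.popleft()
        return sum(amount for _, amount in self._signed)

    def evaluate(self, req: WithdrawalRequest, approvals) -> tuple:
        """Return (signed, reason). Only a True result releases a signature."""
        # Approvals from identities the signer does not know are discarded,
        # so a compromised server cannot vouch for its own request.
        valid = set(approvals) & self.approvers
        if len(valid) < self.required_approvals:
            return False, f"{len(valid)} of {self.required_approvals} required approvals"
        if req.destination not in self.destination_allowlist:
            return False, "destination not on allowlist"
        if req.amount_usd > self.per_tx_limit_usd:
            return False, "exceeds per-transaction limit"
        if self._window_total(req.requested_at) + req.amount_usd > self.window_limit_usd:
            return False, "exceeds rolling-window limit"
        self._signed.append((req.requested_at, req.amount_usd))
        return True, "signed"


def run_scenario():
    """Constructed scenario; approvers, limits and destinations are placeholders."""
    policy = SigningPolicy(
        approvers={"ops-a", "ops-b", "ops-c"},
        required_approvals=2,
        per_tx_limit_usd=250_000,
        window_limit_usd=1_000_000,
        window=timedelta(hours=24),
        destination_allowlist={"partner-exchange-hot-1"},
    )
    t0 = datetime(2025, 7, 16, 8, 0, tzinfo=timezone.utc)
    dest = "partner-exchange-hot-1"
    requests = [
        (WithdrawalRequest("r1", "USDT", 200_000, dest, t0), {"ops-a", "ops-b"}),
        # one request the size of the first BigONE drain (350 ETH, about $1.1M)
        (WithdrawalRequest("r2", "ETH", 1_100_000, dest, t0 + timedelta(minutes=5)), {"ops-a", "ops-b"}),
        # one genuine approval plus one asserted by a tampered server
        (WithdrawalRequest("r3", "USDT", 200_000, dest, t0 + timedelta(minutes=10)), {"ops-a", "rogue-server"}),
        # fresh external address that was never allowlisted
        (WithdrawalRequest("r4", "USDT", 200_000, "0xAttackerPlaceholder", t0 + timedelta(minutes=15)), {"ops-a", "ops-c"}),
    ]
    # many under-limit withdrawals that together exceed the window limit
    for i in range(5, 10):
        requests.append((WithdrawalRequest(f"r{i}", "USDT", 200_000, dest, t0 + timedelta(hours=i)), {"ops-b", "ops-c"}))
    # once r1 has aged out of the 24h window, capacity returns
    requests.append((WithdrawalRequest("r10", "USDT", 200_000, dest, t0 + timedelta(hours=25)), {"ops-a", "ops-b"}))

    return [(req.request_id, *policy.evaluate(req, approvals)) for req, approvals in requests]


if __name__ == "__main__":
    for request_id, signed, reason in run_scenario():
        print(f"{request_id}: {'SIGNED' if signed else 'REFUSED'} ({reason})")
```

The rolling-window cap is what catches the pattern this incident showed, a first drain followed by "expanded withdrawals": each request can be under the per-transaction limit and still be refused once the window total is exhausted, and the refusal itself is the alert the monitoring recommendation asks for.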

Industry-wide, stakeholders should:

1. Standardize Security Practices: Develop and adopt industry standards for securing cryptocurrency exchanges, focusing on supply chain security and hot wallet management.

2. Regulatory Oversight: Advocate for regulatory guidelines to enforce minimum security standards, enhancing overall industry resilience.

3. Information Sharing: Promote collaboration among exchanges and security firms to disseminate threat intelligence and best practices, fostering a collective defense against cyber threats.

Controversies and Public Perception

The incident has stirred controversy, with blockchain investigator ZachXBT claiming BigONE previously processed significant volumes tied to "pig butchering," romance, and investment scams. This has led to mixed public reactions, with some expressing sympathy for affected users and others criticizing BigONE's past associations. Such controversies may influence regulatory attention and user trust, highlighting the need for transparency and accountability in the crypto industry.

Conclusion

The BigONE Exchange hack on July 16, 2025, is a stark reminder of the vulnerabilities inherent in centralized cryptocurrency exchanges, particularly in their supply chain and hot wallet management. While BigONE's commitment to covering losses mitigates immediate user impact, the incident underscores the urgent need for enhanced security measures, industry collaboration, and regulatory oversight to safeguard the growing digital asset ecosystem. This report, informed by insights from Cointelegraph, Cryptonews, Coindesk, BeInCrypto, and security firms like SlowMist and Cyvers, aims to provide a thorough resource for understanding and addressing such threats.

Nobitex Hacked: $48.6M Stolen in Geopolitical Crypto Heist

Nobitex, an Iranian crypto exchange, was compromised, with research suggesting a loss of around $48.6 million.

On June 18, 2025, at 09:49 AM BST, Nobitex, Iran's largest cryptocurrency exchange, confirmed a significant security breach. This report provides a detailed analysis of the compromise.

Executive Summary

On June 18, 2025, Nobitex suffered a security breach resulting in the theft of approximately $48.6 million from its hot wallets, confirmed via an official X post.

The attack was claimed by Gonjeshke Darande (Predatory Sparrow), a hacker group with suspected Israeli ties, known for targeting Iranian infrastructure. The attackers used vanity addresses, with one address ("TKFuckiRGCTerroristsNoBiTEXy2r7mNX") containing an explicit anti-Iranian message, suggesting geopolitical motivations. Nobitex assured users that cold storage assets remain secure and promised full compensation through its insurance fund and internal resources. This incident underscores vulnerabilities in crypto exchanges, particularly in geopolitically sensitive regions.

Incident Overview

  • Date of Discovery: June 18, 2025, as confirmed in Nobitex's official statement.

  • Affected Entities: Nobitex, a leading Iranian crypto exchange, operational since 2017, offering trading in Bitcoin, Ethereum, and other assets, primarily serving the Iranian market under international sanctions.

  • Estimated Impact: $48.6 million stolen, primarily in Tether's USDT via the Tron network, based on on-chain investigator ZachXBT's analysis.

  • Threat Classification: Cybercriminal group with possible state sponsorship, claimed by Gonjeshke Darande, an Israeli-linked group with a history of targeting Iranian entities.

  • Confidence Level: MEDIUM, supported by multiple sources including Nobitex's official statement, on-chain data, and hacker group claims.

Technical Analysis

Attack Vector and Methodology

The attackers gained unauthorized access to Nobitex's hot wallets and reporting infrastructure, likely exploiting vulnerabilities in the exchange's systems. The stolen funds were transferred to vanity addresses on the Tron network, with one address ("TKFuckiRGCTerroristsNoBiTEXy2r7mNX") containing an explicit message targeting Nobitex and referencing the Islamic Revolutionary Guard Corps (IRGC), indicating a targeted attack motivated by geopolitical tensions. The exact method of initial access has not been publicly disclosed, but such attacks typically involve insider threats, phishing, malware, private key compromise, or exploitation of software vulnerabilities. The use of vanity addresses suggests the attackers controlled the transaction initiation process, possibly by compromising private keys or the wallet management system, and they leveraged the Tron network's fast transaction speeds to move funds quickly.

Technical Indicators of Compromise (IOCs)

  • Wallet Addresses: TKFuckiRGCTerroristsNoBiTEXy2r7mNX, together with other addresses involved in the transactions identified by ZachXBT: 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead and 1FuckiRGCTerroristsNoBiTEXXXaAovLX.

  • Contract Addresses: Not specified, as the attack focused on hot wallets rather than smart contracts.

  • Malware/Tools: Not specified, but likely involved sophisticated tools for system infiltration and transaction manipulation, given the group's history.

  • Other Technical Indicators: Suspicious outflows on the Tron network, unauthorized access to hot wallets and reporting infrastructure, detected by on-chain monitoring.
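The wallet addresses listed as IOCs in all three reports on this page (the CoinDCX Solana and Ethereum addresses, the BigONE Ethereum/BSC, Solana and Bitcoin addresses, and the Nobitex Tron, EVM and Bitcoin addresses) are only useful if they are actually matched against an exchange's own transfer records, and matching them naively misses hits: EVM addresses carry an EIP-55 checksum that varies only in letter case, so the same account appears lowercase in one feed and mixed-case in another, while base58 addresses on Solana, Tron and legacy Bitcoin are case-sensitive and must match exactly. The following added example, which is not tooling from DLTA or any of the firms cited, builds a watchlist from the addresses on this page and scans newline-delimited JSON transfer records; the record schema, transaction ids and counterparties are constructed placeholders.

```python
import json

# IOC wallet addresses as listed in the three DLTA reports on this page.
IOC_ADDRESSES = {
    "coindcx": [
        "6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n",   # Solana attacker address
        "0xEF0c5b9e0E9643937D75C229648158584A8CD8D2",   # Ethereum address (bridged funds)
    ],
    "bigone": [
        "0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a",   # Ethereum & BSC
        "HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R",  # Solana
        "bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm",    # Bitcoin
    ],
    "nobitex": [
        "TKFuckiRGCTerroristsNoBiTEXy2r7mNX",             # Tron vanity address
        "0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead",     # EVM address cited by ZachXBT
        "1FuckiRGCTerroristsNoBiTEXXXaAovLX",             # Bitcoin vanity address
    ],
}


def normalize_address(addr: str) -> str:
    """Canonical form for comparison.

    EVM addresses are hex and EIP-55 only changes letter case, and bech32
    (bc1...) is defined case-insensitively, so both compare lowercase.
    Base58 addresses (Solana, Tron, legacy Bitcoin) are case-sensitive and
    are compared exactly.
    """
    a = addr.strip()
    if a.lower().startswith("0x") or a.lower().startswith("bc1"):
        return a.lower()
    return a


def build_watchlist(ioc_addresses=IOC_ADDRESSES) -> dict:
    """Map normalized address -> incident label."""
    return {
        normalize_address(addr): incident
        for incident, addrs in ioc_addresses.items()
        for addr in addrs
    }


def scan_transfer_log(log_text: str, watchlist=None) -> list:
    """Scan newline-delimited JSON transfer records and return every IOC hit.

    Each record carries "tx", "chain", "from", "to", "asset" and "amount"
    keys (a constructed schema for this example).
    """
    if watchlist is None:
        watchlist = build_watchlist()
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        for role in ("from", "to"):
            key = normalize_address(rec[role])
            if key in watchlist:
                hits.append({
                    "tx": rec["tx"],
                    "chain": rec["chain"],
                    "role": role,
                    "matched_address": rec[role],
                    "incident": watchlist[key],
                    "asset": rec["asset"],
                    "amount": rec["amount"],
                })
    return hits


# Constructed sample log: tx ids and counterparties are placeholders; the IOC values are from the page.
# Record 2 carries the CoinDCX Ethereum address in lowercase; record 5 changes the last
# character of the CoinDCX Solana address, which on base58 is a different address.
SAMPLE_LOG = """
{"tx": "constructed-tx-1", "chain": "solana", "from": "OpsWalletPlaceholder111111111111111111111111", "to": "6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n", "asset": "USDC", "amount": "1000000"}
{"tx": "constructed-tx-2", "chain": "ethereum", "from": "0x0000000000000000000000000000000000000001", "to": "0xef0c5b9e0e9643937d75c229648158584a8cd8d2", "asset": "ETH", "amount": "4443"}
{"tx": "constructed-tx-3", "chain": "tron", "from": "TPlaceholderPlaceholderPlaceholder1", "to": "TKFuckiRGCTerroristsNoBiTEXy2r7mNX", "asset": "USDT", "amount": "5000000"}
{"tx": "constructed-tx-4", "chain": "ethereum", "from": "0x0000000000000000000000000000000000000002", "to": "0x0000000000000000000000000000000000000003", "asset": "USDT", "amount": "10"}
{"tx": "constructed-tx-5", "chain": "solana", "from": "OpsWalletPlaceholder111111111111111111111111", "to": "6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22N", "asset": "USDC", "amount": "5"}
"""

if __name__ == "__main__":
    for hit in scan_transfer_log(SAMPLE_LOG):
        print(hit)
```

Running it over the sample yields three hits (records 1, 2 and 3) and correctly ignores record 5. The same normalization rule should be applied wherever these addresses are loaded into withdrawal-screening or deposit-monitoring rules, since a lowercase EVM address in a blocklist will never match a checksummed one under plain string comparison.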

Threat Actor Analysis

Attribution Assessment

The attack was claimed by Gonjeshke Darande (Predatory Sparrow), a hacker group active since at least 2020, known for targeting Iranian critical infrastructure such as steel facilities, gas stations, and banks (CyberScoop Report). While the group claims independence, its sophisticated operations and focus on Iranian state entities suggest possible ties to Israeli military intelligence, with a LOW to MEDIUM confidence level based on historical patterns and geopolitical context.

Capability Assessment

Gonjeshke Darande has demonstrated advanced technical capabilities, including:

  • Compromising secure systems, as seen in previous attacks on Iranian steel facilities and gas stations.

  • Executing large-scale cryptocurrency thefts, as evidenced by the Nobitex attack.

  • Conducting disruptive attacks on critical infrastructure, with controlled measures to limit collateral damage.

  • Threatening to release source code and internal data, indicating deep system access and data exfiltration capabilities.

Intent Analysis

The attack appears motivated by ongoing geopolitical tensions between Israel and Iran, with Gonjeshke Darande accusing Nobitex of supporting the Iranian regime's financial operations and sanctions evasion, labeling it a "key regime tool for financing terrorism".

The use of a vanity address with an anti-Iranian message further supports this intent, aligning with their history of targeting entities perceived as part of Iranian military and financial infrastructure.

Impact Assessment

Immediate Financial Impact

  • Loss of $48.6 million from hot wallets, primarily in USDT on the Tron network but also including BTC, DOGE and assets on EVM-compatible chains.

Strategic Implications

  • The incident underscores the intersection of cybersecurity and geopolitics in the crypto space, with state-sponsored or state-aligned actors targeting financial infrastructure.

Appendices

Timeline of Events

  • June 18, 2025, Morning: Nobitex detects unauthorized access to hot wallets and reporting infrastructure, suspends all access, and initiates internal investigation.

  • June 18, 2025, Same Day: Gonjeshke Darande claims responsibility via X, threatening to release Nobitex's source code and internal data within 24 hours.

References and Sources

  • Multiple news articles and on-chain analyses provided detailed insights into the incident, with Nobitex's official statement confirming the breach and outlining response measures.
