Iran’s central bank has imposed operating hour restrictions on all domestic cryptocurrency exchanges following a major security breach, limiting operations to between 10 AM and 8 PM.
The new rules come after Nobitex, Iran’s largest crypto exchange, was hit by a politically motivated exploit on Wednesday. The pro-Israel hacker group Gonjeshke Darande, also known as Predatory Sparrow, claimed responsibility for the attack. Blockchain analysis firm Chainalysis confirms the group stole cryptocurrencies including BTC, ETH, DOGE, XRP, and SOL, with Nobitex estimating the value at $100 million.
The attackers then sent the funds to inaccessible “burner addresses,” effectively destroying them rather than profiting. Chainalysis analysts suggest this indicates the hack’s intent was political, aimed at disrupting the regime’s financial tools. The curfew on exchanges is seen as an effort to better manage future attacks and potentially exert greater control over capital flight amid heightened geopolitical conflict with Israel.
Nobitex acknowledged the breach, stating the situation is “under control” and that all user losses will be covered by its reserve fund. The exchange has cut external server access and is migrating assets from online hot wallets to offline cold storage, though it warned that restoring full user access may be delayed due to ongoing national internet disruptions.
The incident highlights Nobitex’s critical role in Iran’s economy. According to Chainalysis, the exchange has processed over $11 billion in total inflows, more than the next ten largest Iranian exchanges combined, making it a key gateway to global markets for a sanctioned nation. The firm also noted Nobitex’s on-chain links to sanctioned Russian exchanges and groups designated as terrorists in the West, including Houthi rebels.
