$100 Million Iranian Cryptocurrency Hack

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Nobitex suffered a $100 million hack, Gotbit CEO was sentenced in a market manipulation and wash trading case, Tornado Cash’s Roman Storm gets support, Trump earned $57 million from crypto, North Korea-linked developer contributed to Cosmos codebase, Haru Invest CEO acquitted of fraud in South Korea, US authorities seized $225 million tied to investment scams and New York authorities disrupted a $1 million scam.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

Iranian cryptocurrency exchange Nobitex experienced a cyberattack resulting in the loss of about $100 million. Pro-Israel hacker group Gonjeshke Darande, also called Predatory Sparrow, claimed responsibility, framing the attack as a political act in response to Iran’s support for terrorism and its evasion of international sanctions.

The hackers also posted Nobitex’s source code on X, exposing sensitive components related to privacy, user interface and exchange deployment. Blockchain analysis firms Chainalysis and Elliptic said the stolen funds were moved to vanity addresses that included anti-IRGC slogans but lacked private key access, effectively burning the funds and suggesting the attack was not financially motivated. Iranian authorities imposed operational limits on local crypto platforms after the hack.

Nobitex is Iran’s largest crypto exchange, with over $11 billion in inflows. It plays a central role in the country’s heavily sanctioned financial system. It facilitates global crypto access for Iranians barred from traditional finance and has been linked to sanctioned entities, including the Islamic Revolutionary Guard Corps, Hamas and sanctioned Russian exchanges like Garantex.

Aleksei Andriunin, founder and CEO of Gotbit, received a sentence of eight months in prison in the U.S. District Court in Massachusetts for orchestrating a multimillion-dollar wash trading scheme. The twenty-six-year-old also received one year of supervised release. Prosecutors said Andriunin and his firm manipulated cryptocurrency markets between 2018 and 2024 by artificially inflating trading volumes to boost token visibility and prices. He pleaded guilty in March to wire fraud and market manipulation after being arrested in Portugal in October and extradited to the United States in February. Gotbit, which marketed its services to crypto clients and used coded tools and multiple accounts to avoid detection, was sentenced to five years of probation and must cease operations. The firm reportedly received tens of millions of dollars from clients in exchange for its illicit services.

Crypto venture firm Paradigm filed an amicus brief in support of Roman Storm, co-founder of Tornado Cash, whose criminal trial is scheduled for July 14 in federal Manhattan court. Storm faces charges of money laundering and sanctions violations for allegedly facilitating illicit transactions through the crypto mixer. Paradigm argues that publishing peer-to-peer software like Tornado Cash does not equate to operating an illegal money-transmitting business, citing long-standing legal precedent and U.S. federal guidance. Storm has also denied the charges, claiming First Amendment protections. He is currently fundraising $2 million for his legal defense, with the Ethereum Foundation pledging $500,000 and offering to match another $750,000 in community donations. Prosecutors recently dropped one charge but are moving forward with others.

U.S. President Donald Trump disclosed earning more than $57 million from the sale of World Liberty Financial tokens in 2023, says a financial report filed with the Office of Government Ethics. The disclosure also shows that Trump holds 15.75 billion WLFI governance tokens, potentially granting him voting rights in the crypto project. Despite being branded the project’s “chief crypto advocate” alongside his sons, Trump and his family apparently hold no official roles at World Liberty.

The crypto firm raised $550 million through its most recent public token sale and plans to sell 63% of WLFI’s 100 billion token supply. The project is also promoting a U.S. dollar-backed stablecoin, USD1, which was recently airdropped to token holders. Trump’s ties to the project have sparked criticism from Democratic lawmakers, who raised concerns about conflicts of interest.

Interchain Labs said a developer with ties to North Korea contributed to Cosmos core repositories between 2022 and 2024 while working for a third-party vendor. The developer, known on GitHub as “cool-developer,” had limited access to two repositories – cosmos/IAVL and cosmos/cosmos-sdk – but most of his code has since been deprecated or excluded from the roadmap. Independent audits found no malicious code or lingering vulnerabilities.

The issue was discovered after ICL took over all Cosmos core stack development and implemented strict security and hiring protocols. The developer reapplied to ICL but was flagged and rejected. To encourage transparency, ICL is now offering double bug bounties for related vulnerabilities over the next month.

A South Korean court acquitted Haru Invest CEO Lee Hyung-soo of fraud charges, concluding that his actions did not meet the legal threshold for criminal deception, reported Digital Asset. Lee faced allegations of defrauding thousands of investors after Haru abruptly halted withdrawals in June 2023 and shuttered its office, having promised high annual returns of up to 25%.

Prosecutors initially accused Lee of misappropriating over $1 billion, later revising the amount to $650 million from 6,000 investors and requesting a 23-year sentence. The court cited the collapse of FTX as a key trigger for Haru’s liquidity crisis and accepted that the business had generated legitimate profits.

Co-CEOs of parent company Blockcrafters were also acquitted. Haru’s COO was found guilty of embezzlement and sentenced to two years in prison. The ruling does not absolve the executives of civil responsibility, and Lee has pledged to recover investor funds through bankruptcy proceedings.

U.S. federal authorities seized about $225.3 million in cryptocurrency linked to international investment scams, marking the largest crypto seizure in U.S. Secret Service history. The operation traced the funds using blockchain analysis to uncover a network involved in fraud, theft and money laundering.

Investigators said the seized digital wallets were part of a complex conspiracy that used hundreds of thousands of transactions to obscure the origins of the illicit funds. Victims included dozens in the U.S. and more than 400 globally, who were allegedly lured into fraudulent crypto investments that led to substantial financial losses.

New York state officials dismantled a cryptocurrency scam that used deceptive Facebook ads in Russian to defraud more than 300 victims, primarily Russian-speaking residents in Brooklyn. The scam, linked to the now-defunct site WhalesTrade.com, promised high returns through fake crypto investments, directing victims into WhatsApp and Telegram chats before defrauding them of more than $1 million.

The New York State Department of Financial Services said the scammers used stolen crypto to pay for domain registrations and Meta ads. Meta shut down over 700 Facebook accounts tied to the operation, which relied on misleading advertising tactics to deceive users. Court orders resulted in the seizure of $140,000 and the freezing of an additional $300,000 in crypto assets.

Victims were tricked into paying increasingly large sums, only to be blocked from withdrawing funds and asked to pay fake fees or taxes. The ongoing investigation began in October 2023.