Nobitex Exchange Hack: Private Key Leak and Nation-State Intrusions
A focused review of how Iran's largest exchange lost $90M: the mechanics of internal credential leaks, and the resulting industry-wide changes.

Nobitex Exchange Hack: When Private Keys Go Public
Pathways to Loss and Operational Breach
In June 2025, Nobitex—Iran’s largest crypto exchange—was breached, resulting in a $90 million loss and the public exposure of sensitive trading and user data. The root of the incident traced to compromised admin private keys, which were extracted via a coordinated campaign of nation-state-backed phishing (using crafted, localized email payloads) and internal endpoint malware that logged key management dashboard activity. Once attackers obtained the master key, they efficiently drained primary exchange wallets across multiple blockchains in just over two hours.
This hack was unique in that, alongside funds, attackers exfiltrated full wallet signing logs, internal docs, and customer trade data, causing a wider crisis of confidence. The internal investigation revealed that Nobitex had failed to enforce isolated, hardware-managed signing for high-value transfers; keyholders reused credentials across both admin and IT systems, making them susceptible to spear-phishing for passwords and to device compromise. The delayed response—Nobitex did not immediately trigger wallet rotations or user-wide withdrawal freezes—allowed attackers to remove capital and to leak documents that amplified the panic, compounding both reputational and actual damage.
Building Defense Beyond the Ledger
In response, Nobitex reengineered its security stack: all hot wallets must now run on distributed, hardware-secured multi-signature platforms, with no full key ever residing on a single device. Privileged staff credentials were reissued via biometric devices and entirely segmented from IT and ops accounts. Withdrawal operations for sums over a preset threshold now require out-of-band, dual-continent approvals and independent anti-fraud review. Key management logs are immutably stored both on-chain and in secured offline enclaves, so audit trails cannot be tampered with retroactively.
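As an added illustration (not Nobitex's code and not part of the original review), the sketch below models the approval gate and tamper-evident key-management log described above. The threshold value, role names, continent labels and the in-memory SHA-256 hash chain that stands in for on-chain and offline storage are all assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

THRESHOLD = 100_000  # assumed policy threshold; the review gives no figure
GENESIS = "0" * 64   # digest placeholder for the first log entry

@dataclass(frozen=True)
class Approval:
    approver: str
    continent: str  # where the out-of-band approval was given (hypothetical label)
    role: str       # "custody" or "antifraud" (hypothetical role names)

def authorize(amount, requester, approvals):
    """Return (allowed, reason) for a withdrawal under the assumed policy."""
    if amount <= THRESHOLD:
        return True, "below threshold"
    # The requester never approves their own transfer, and each person counts
    # once, so one identity cannot fill two approval slots.
    valid = {a.approver: a for a in approvals if a.approver != requester}
    custody = [a for a in valid.values() if a.role == "custody"]
    fraud = [a for a in valid.values() if a.role == "antifraud"]
    if len({a.continent for a in custody}) < 2:
        return False, "need custody approvals from two continents"
    if not fraud:
        return False, "missing independent anti-fraud review"
    return True, "approved"

def _digest(prev, event):
    body = json.dumps(event, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class AuditLog:
    """Hash-chained log: each entry commits to the previous entry's digest."""
    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "event": event,
                             "digest": _digest(prev, event)})

    def verify(self):
        """Recompute the chain; any retroactive edit breaks a digest."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["event"]) != e["digest"]:
                return False
            prev = e["digest"]
        return True
```

In a real deployment the latest digest would be anchored somewhere the operator cannot rewrite, which is the role the on-chain and offline copies play in the design described above.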
On the public front, Nobitex introduced a transparency dashboard listing all emergency hot/cold wallet transitions and ongoing post-mortem status of funds. Across the region, this breach led several peer exchanges to accelerate their own governance and opsec upgrades—helping shape a new, higher baseline for custodial platform safety in emerging crypto markets. The Nobitex case underscores that digital asset custody is not just about encryption—it’s about institutional discipline, hardware, and relentless vigilance against sophisticated attackers.