ZachXBT, a respected onchain investigator, reports that the Iranian cryptocurrency exchange Nobitex has seemingly been targeted for a whopping $73 million in digital assets. The exploit was first disclosed on a June 18 Telegram post.
It is alleged that the attackers drained at least $73 million from assets within the Tron network and Ethereum Virtual Machine (EVM)-compatible blockchains. However, only a segment of this amount has been confirmed as lost so far.
ZachXBT identified the attackers’ use of a “vanity address” to breach the protocol, leading to “suspicious outflows” from numerous wallets linked to Nobitex. A vanity address is a public wallet address that features a specific sequence of characters chosen by the user.
The first theft of $49 million was reportedly conducted through the address “TKFuckiRGCTerroristsNoBiTEXy2r7mNX.” The second address employed was “0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead,” as per Tronscan.
The security breach contributes to the rising tally of crypto industry hacks in 2025. As reported by blockchain security firm CertiK, digital assets worth more than $2.1 billion have been stolen in this year alone. Hackers have now diversified their strategies from exploiting blockchain infrastructure to capitalizing on human weaknesses, says Ronghui Gu, co-founder of CertiK.
Gu explained during the Chain Reaction daily X spaces show on June 2, “The majority of this $2.1 billion was caused by wallet compromises, key mismanagement and operational issues.”
In schemes like address poisoning, hackers don’t need to employ any technical hacking techniques. Rather, they manipulate victims into transferring assets to fraudulent wallet addresses.
This is an ongoing story and will be updated as more details become available.
