After Iranian’s largest cryptocurrency platform, Nobitex, was exploited, resulting in the loss of more than $90 million in assets spanning a range of cryptocurrencies, including Bitcoin, Ethereum, Dogecoin, Ripple, Solana, Tron, and Ton, in the aftermath, the Iranian government has since then asked crypto exchanges to limit their operational hours from 10 am to 8 pm.

The exploitation was carried out by a pro-Israel group known as Gonjeshke Darande framing the attack as a politically motivated strike against Iranian digital infrastructure. Notably, Chainalysis analysis indicates that this is the case, the attacker-controlled wallets were burner addresses lacking private key access, suggesting that the theft of more than $90 million was likely politically motivated, rather than financial in nature. While this is the first hack of this scale exclusively for geopolitical purposes, this is not the first time there’s been increased activity during windows of high geopolitical tensions between Israel and Iran, as noted in our 2024 Crypto Crime Report.

Israel is attacking the financial infrastructure of Iran, both with ATMs and crypto exchanges. Because of the sanctions, crypto exchanges like Nobitex have become the access platform for Iranians who want to access global crypto markets. Nobitex’s total inflows are well over $11 billion, compared to just under $7.5 billion for the next ten largest Iranian exchanges combined.

In the immediate aftermath of the exploit, Nobitex issued a public statement, assuring users that their funds were safe. While on-chain analysis confirms that the attacker burned the stolen funds, making them irretrievable, Nobitex has taken additional steps to reinforce user trust. Notably, the exchange has moved large quantities of Bitcoin to what appear to be newly established cold storage wallets, an effort likely aimed at bolstering its security posture and reducing exposure to similar future attacks.

Beyond Nobitex itself, the incident appears to have triggered a wider response from the Iranian regime. According to reports, the Central Bank of Iran has directed all domestic crypto exchanges to limit their operating hours to between 10 AM and 8 PM.

According to ZachXBT, an internet sleuth with over 500 hundred thousand followers on Twitter, Bahrain and UAE regulated crypto broker, RAIN, has been likely exploited for $14.8 million. The exploit happened on April 29th and according to ZacHxbt no statement was made by RAIN on the incident.

On the contrary on May 6th RAIN Bahrain tweeted “It was our pleasure to have our General Manager of Bahrain Mohamed Ateeq speak at the Sixth Innovation and Entrepreneurship Forum, organized by the University of Bahrain as part of the Manama week events by the Southern Municipality. It is always a pleasure for us to share Rain’s journey that lay the foundations for the crypto sector in the MENA region.”

According to ZachXBT on TME, “It appears the crypto exchange Rain was likely exploited for $14.8M on April 29, 2024 after their BTC, ETH, SOL, and XRP wallets saw suspicious outflows. Funds were quickly transferred to instant exchanges and swapped for BTC and ETH.”

He added, “As of now Rain has yet to make any statement about the incident.”

He noted that the stolen funds currently sit on these addresses

137.9 BTC

bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2 (https://mempool.space/address/bc1q53aawrkpt5lvk2e30z36unvmhqqdru7q4rprp2)

1881 ETH

0x197bc094f990261fd6841342901c451858756c28 (https://etherscan.io/address/0x197bc094f990261fd6841342901c451858756c28)

RAIN crypto exchange had received a license both from the Central Bank of Bahrain as well as ADGM in Abu Dhabi. In Bahrain Rain Management W.L.L. is licensed by the Central Bank of Bahrain as a Category 3 Crypto-Asset Services Provider. It received its license back in 2019.

In 2022, RAIN Crypto exchange raised $110 in a Series B funding round. The round was co-led by Paradigm and Kleiner Perkins with participation from multiple parties including Coinbase Ventures, Global Founders Capital, MEVP, Cadenza Ventures, and CMT Digital.

As per RAIN’s website it is backed by MEVP (Middle East Venture Partners), Dubai International Financial Centre, Coinbase, Paradigm, and KleinerPerkins.

In July 2023 RAIN received a fully regulated crypto broker license in UAE through ADGM.

Lara on the Block tried to get in touch with executives from RAIN but without avail. UAE ADGM also has no official statement to make at this time. The Central Bank of Bahrain could not be reached at this time.

Touting itself as “The most trusted cryptocurrency platform” if this turns out to be true it will have negative effects on crypto sentiments in the region. Crypto investors lost $2 billion to hacks and exploits last year and $333 million in Q1 of 2024.