Analysis of Nobitex’s Security Breach
An in-depth analysis by Global Ledger, a firm specializing in blockchain intelligence, has uncovered troubling activities at Nobitex, Iran’s leading cryptocurrency exchange, before its recent significant security breach resulting in a $90 million theft.
Questionable Practices Uncovered
Investigators from Global Ledger discovered that Nobitex had engaged in questionable practices resembling money laundering well ahead of the hack, particularly employing a technique known as peel chaining. This strategy entails splitting large cryptocurrency amounts into smaller, less traceable transactions that traverse through various wallet addresses, obscuring the path of funds.
According to the firm’s findings, Nobitex consistently cycled Bitcoin in chunks of 30 BTC, a pattern indicating intentional efforts to disguise the flow of assets. Furthermore, the exchange utilized ephemeral deposit and withdrawal addresses, a technique referred to as “chip-off” transactions. These temporary wallets are crafted for single transactions, funneling funds into new addresses, thereby concealing the liquidity movements and complicating on-chain tracking.
Post-Hack Actions and Concerns
In the wake of the hack, Nobitex took precautionary action by transferring a significant sum of 1,801 BTC, worth approximately $187.5 million. While the exchange portrayed this transfer as the establishment of a new “rescue wallet” intended to protect its remaining assets, investigation of the blockchain revealed that the address had been in use since October 2024, prior to the breach.
On-chain data indicated that it had been consistently receiving Bitcoin in amounts ranging from 20 to 30 BTC—a behavior consistent with known laundering techniques.
Implications for Nobitex’s Integrity
Global Ledger’s report articulated concerns over Nobitex’s long-standing use of peel chain tactics, highlighting that despite the hack, the exchange seemed to maintain a healthy reserve of assets. The findings imply that rather than prompting Nobitex to reevaluate its asset management practices, the incident revealed pre-existing and ongoing patterns of asset concealment.
This situation raises critical questions about the integrity and operational transparency of the exchange in light of these practices.
