The blockchain intelligence company TRM Labs has raised the possibility that Israel’s cyber teams might have used information from a $90 million hack on Nobitex, Iran’s biggest crypto exchange, to catch Iranian spies. The hack that was implemented on 18th June, when money was stolen from hot wallets across different networks.
A group called Gonjeshke Darande, which supports Israel, had claimed it. A few days later, on June 24, Israel arrested three people, including 28-year-old Dmitri Cohen, who were suspected of spying for Iran by watching and spreading propaganda. Two of them were paid with cryptocurrency, and Cohen got $500 for each task.
TRM Labs reports state that these arrests mark a rare public case of state-sponsored spying using digital assets, which enable covert cross-border payments without banks.
The firm has also noted the time that Israel attacked Iran on June 13, the hack was implemented on June 18, and arrests were made on June 24, which makes them think there might be a connection, as war is going on between both countries, but no official has confirmed it yet.
TRM Labs believes the hackers could have used Nobitex’s private data, like wallet information or chat history, to help catch the spies. This fits with how Israel’s cyber teams and Gonjeshke Darande, who often target Iran’s government, work.
Chainalysis, a company that tracks crypto activity, also stated that Nobitex is a key part of Iran’s crypto system, helping people there connect to the global market since they can’t use regular banks due to sanctions.
However, Nobitex has been tied to illegal groups, like ransomware hackers linked to Iran’s IRGC and banned Russian exchanges, showing it’s important for secret operations. TRM Labs warns that even though there is no clear evidence linking the Nobitex hack to the spy investigation, the order of events makes it a reasonable guess.
The firm’s report points out that cryptocurrencies are being used more by governments for secret activities, especially as countries fight with each other. This means people in the crypto world need to be extra careful and be aware of these hacks because of these advanced cyber tricks driven by global tensions.
Also Read: $2.1B Lost in Crypto Seed Phrase & Front-End Attacks: TRM Labs
