··

Nobitex Hack Unmasks Months of Hidden Bitcoin Movements

June 26, 2025
by
Image from The Shib Daily
ā€‹ā€Œā€‹ā€Œā€‹ā€‹ā€Œā€Œā€‹ā€Œā€‹ā€‹ā€Œā€‹ā€‹ā€‹ā€‹ā€Œā€‹ā€‹ā€Œā€‹ā€‹ā€Œā€‹ā€Œā€‹ā€‹ā€‹ā€‹ā€Œā€‹ā€‹ā€Œā€‹ā€Œā€Œā€Œā€Œā€Œā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€Œā€Œā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€‹ā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€‹ā€Œā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€Œā€‹ā€Œā€‹ā€Œā€Œā€Œā€Œā€Œā€‹ā€Œā€Œā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€Œā€Œā€‹ā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€‹ā€‹ā€Œā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€Œā€Œā€Œā€‹ā€Œā€Œā€‹ā€‹ā€Œā€‹ā€‹ā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€Œā€‹ā€Œā€Œā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€Œā€‹ā€‹ā€Œā€‹ā€Œ

Global Ledger, a blockchain intelligence firm, has revealed that long before the recent $90 million hack on Iranā€™s top crypto exchange Nobitex, the platform had been routinely shifting user funds using patterns typically linked to money laundering operations.

According to Global Ledgerā€™s investigation, on-chain data shows that the crypto exchange employed a method called peel chaining. This involves breaking large sums of cryptocurrency into smaller, hard-to-trace transactions through a series of wallet transfers.

Each transfer peels off a portion of the funds, sending the rest to a new address in a long chain of seemingly innocuous movements.

Global Ledger uncovered a recurring pattern in which Bitcoin (BTC) was cycled in steady batches of 30 BTC, an activity pointing to deliberate obfuscation.

Related: Industry Celebrates the New $70M Domain Mogul But His Crypto Shadows Linger

Their investigation also revealed that Nobitex relied on temporary deposit and withdrawal addresses, a tactic known as ā€œchip-offā€ transactions. These single-use wallets funnel funds into new destinations, effectively masking liquidity flows and complicating efforts to trace movement on-chain.

In the aftermath of the hack, Nobitex transferred 1,801 BTC, valued at $187.5 million. The exchange described the move as a precautionary step aimed at securing remaining assets.


Despite Nobitex labeling it a newly created ā€œrescue wallet,ā€ on-chain analysis shows the address had been active since October 2024ā€”well before the hack. Blockchain data reveals it had been steadily receiving 20ā€“30 BTC transfers consistent with laundering-style activity, long before the exchange claimed it was used as a post-attack safeguard.

ā€œWhile Nobitex’s past wallet behavior raises concerns due to repeated use of peelchain-like structures, the current flows confirm that the platform retains substantial reserves post-hack,ā€ the report wrote. 

Related: Crypto Titans Bunker Down Now: Vitalik’s Austerity Vow, Binance $1B Bitcoin Shield

The technique obscures the final destination of funds, mirroring tactics often used to conceal crypto transactions. Rather than prompting a shift in Nobitexā€™s handling of assets, the hack appeared to expose ongoing behind-the-scenes practices.

On-chain behavior suggests the exchange had been using these methods well before the breach, and continued afterward, implying it may have been part of routine operations.

Read More

MICHAELA

MICHAELA

Michaela is a news writer focused on cryptocurrency and blockchain topics. She prioritizes rigorous research and accuracy to uncover interesting angles and ensure engaging reporting. A lifelong book lover, she applies her passion for reading to deeply explore the constantly evolving crypto world.

Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is the official publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.

Related Posts

Image from The Shib Daily
Previous Story

zkLend Shuts Down After $9.5M Hack and Token Delisting Woes

Image from The Shib Daily
Next Story

Fuzzland Reveals Insider Behind $2M UniBTC Hack at Bedrock