Michaela
Global Ledger, a blockchain intelligence firm, has revealed that long before the recent $90 million hack on Iran’s top crypto exchange Nobitex, the platform had been routinely shifting user funds using patterns typically linked to money laundering operations.
According to Global Ledger’s investigation, on-chain data shows that the crypto exchange employed a method called peel chaining. This involves breaking large sums of cryptocurrency into smaller, hard-to-trace transactions through a series of wallet transfers.
Each transfer peels off a portion of the funds, sending the rest to a new address in a long chain of seemingly innocuous movements.
Global Ledger uncovered a recurring pattern in which Bitcoin (BTC) was cycled in steady batches of 30 BTC, an activity pointing to deliberate obfuscation.
Their investigation also revealed that Nobitex relied on temporary deposit and withdrawal addresses, a tactic known as “chip-off” transactions. These single-use wallets funnel funds into new destinations, effectively masking liquidity flows and complicating efforts to trace movement on-chain.
In the aftermath of the hack, Nobitex transferred 1,801 BTC, valued at $187.5 million. The exchange described the move as a precautionary step aimed at securing remaining assets.
Despite Nobitex labeling it a newly created “rescue wallet,” on-chain analysis shows the address had been active since October 2024—well before the hack. Blockchain data reveals it had been steadily receiving 20–30 BTC transfers consistent with laundering-style activity, long before the exchange claimed it was used as a post-attack safeguard.
“While Nobitex’s past wallet behavior raises concerns due to repeated use of peelchain-like structures, the current flows confirm that the platform retains substantial reserves post-hack,” the report wrote.
The technique obscures the final destination of funds, mirroring tactics often used to conceal crypto transactions. Rather than prompting a shift in Nobitex’s handling of assets, the hack appeared to expose ongoing behind-the-scenes practices.
On-chain behavior suggests the exchange had been using these methods well before the breach, and continued afterward, implying it may have been part of routine operations.
Read More
- 16 Billion Stolen Login Credentials Expose Crypto Wallets to Hacker Attacks
- Lazarus Group Blunder Reveals Crypto Hackers’ Hidden Trail
- Coinbase Hack Triggers DOJ Probe Into $400M Data Breach
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
