XRP Network Hit as Nobitex Code Leaked After Major Hack

XRP has once again found itself in the spotlight following a major cybersecurity incident involving Iranian cryptocurrency exchange Nobitex. The hacking group known as Gonjeshke Darande released Nobitex’s entire source code just a day after orchestrating a massive multi-blockchain exploit, causing significant damage across networks including Bitcoin, EVM-compatible chains, and the XRP Ledger.

This dramatic move comes amid escalating geopolitical tensions between Iran and Israel, particularly as the conflict enters its second week. The fallout from the hack, valued at over $100 million in stolen assets, has heightened alarm throughout the digital asset community—especially for users of the affected blockchains such as XRP.

Originally reported by CoinDesk, the attackers—believed to be pro-Israel operatives—targeted Nobitex in a coordinated strike. Following the hack, the same group took to platform X to confirm the release of the compromised code, warning, “ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.”

The consequences of this public source code leak are severe. It revealed intimate backend technologies, including blockchain integration scripts, privacy configuration files, and a full list of servers, creating an open invitation for further exploitation from malicious entities. This data breach not only affects Nobitex’s internal operations but also the security of connected chains like the XRP Ledger.

What makes this incident even more alarming is that the hackers appear to have intentionally destroyed over $90 million in tokens by transferring them to so-called ‘burner’ wallets—addresses purposely created without corresponding private keys. In doing so, the attackers ensured that the stolen funds could not be recovered. Various cryptocurrency ecosystems were touched, including Bitcoin, Ethereum-compatible chains, XRP, Dogecoin, Solana, and others.

Some of these transactions were recorded on the blockchain using boldly provocative vanity addresses like “1FuckiRGCTerroristsNoBiTEXXXaAovLX.” These wallet names imply an aggressive political stance and were likely generated using brute-force techniques. The term “IRGC” references the Islamic Revolutionary Guard Corps, a key component of Iran’s military infrastructure. The hackers accused Nobitex of being instrumental in helping Iran substantially evade international sanctions and referred to the exchange as the “regime’s favorite sanctions violation tool.”

The Ripple community has expressed growing concern, particularly because the XRP network was explicitly named among the affected parties in the incident. Cybersecurity experts caution that code leaks like this drastically increase system vulnerabilities, potentially inviting further cyberattacks on any services using or mirroring the same backend infrastructure.

Despite the severity of the hack and the subsequent code leak, Nobitex issued a statement on Thursday claiming that the breach had been contained, and no further assets were compromised afterward. The exchange also announced intentions to begin restoring its services within five days. However, persistent internet instability in Iran may hamper recovery efforts, delaying users’ access to their funds and account management tools.

This latest incident underscores the growing risk of cyberattacks in politically volatile regions and their ripple effects—no pun intended—on major blockchain ecosystems. For Ripple’s XRP, which has long pitched enterprise-grade security and institutional adoption, headlines connecting the token to large-scale hacks can be reputation-damaging, regardless of culpability.

Related: Expert Advice: Sell XRP If You’re Confused

The situation continues to evolve as security auditors, blockchain analysts, and affected users rush to assess the full scope of the breach. As of now, holders of tokens involved—particularly XRP—are urged to exercise caution and monitor official updates from both Nobitex and broader network incident analyses.