Iranian encryption trading platform suffers hacker attack, nearly 100 million USD in funds affected

On June 18, 2025, a hacker attack targeting Iran's largest encryption trading platform sparked widespread attention. According to multiple sources, some of the platform's infrastructure and hot wallets were accessed without authorization, leading to the abnormal transfer of a large number of assets.

Preliminary estimates show that this incident involves multiple networks such as TRON, EVM, and BTC, with a total affected asset value of approximately $81.7 million. Even more shocking is that the attackers not only transferred the funds but also actively moved a large amount of assets to a specially designated burn address, with the value of the "burned" assets approaching $100 million.

After the incident, the trading platform quickly took action to cut off external interfaces and initiate an investigation. The platform emphasized that the vast majority of assets are stored in unaffected cold wallets, and this intrusion was limited to a portion of hot wallets used for daily liquidity.

It is worth noting that a hacker organization calling itself Predatory Sparrow has claimed responsibility for this attack. The organization not only publicly disclosed the platform's source code but also claimed to have destroyed approximately $90 million in encryption assets, referring to them as "sanction evasion tools."

According to security analysis, the attacker used multiple seemingly legitimate but actually uncontrollable "burn addresses" to receive assets. These addresses, although they comply with on-chain address format verification rules and can successfully receive assets, are equivalent to permanent destruction once funds are transferred in. It is even more noteworthy that these addresses also contain obvious emotional and provocative language.

Detailed on-chain analysis shows that this attack involved multiple blockchain networks, including TRON, BSC, Ethereum, Arbitrum, Polygon, Avalanche, Bitcoin, Dogechain, Solana, TON, Harmony, and Ripple. The stolen assets were diverse, including mainstream tokens from various ecosystems as well as multiple tokens such as UNI, LINK, and SHIB.

This incident highlights the importance of security protection for cryptocurrency trading platforms once again. Industry experts suggest that platforms should take the following measures to enhance security:

1. Strictly isolate the permissions and access paths of hot and cold wallets, and regularly audit the access permissions of the hot wallet.
2. Adopt a real-time on-chain monitoring system to timely obtain comprehensive threat intelligence and dynamic security information.
3. Coordinate with the on-chain anti-money laundering system to promptly detect abnormal fund flows.
4. Strengthen the emergency response mechanism to ensure effective response within the critical time window after an attack occurs.

With the continuous development of the cryptocurrency industry, security issues have become increasingly important. This incident has undoubtedly sounded the alarm for the industry, reminding all parties that there is a need to continuously improve security measures to cope with the increasingly complex challenges of cybersecurity.