Iran's large encryption trading platform suffers a serious security incident, affecting approximately $100 million in assets.

On June 18, 2025, a major encryption currency security incident attracted widespread attention in the industry. According to reports, Iran's largest encryption trading platform suffered a serious hacker attack, resulting in a significant amount of assets being illegally transferred.

The incident was initially disclosed by on-chain detectives and was subsequently confirmed by multiple parties. Preliminary estimates suggest that the total value of the assets involved in this incident is approximately $81.7 million, covering multiple networks including TRON, EVM, and BTC.

The trading platform subsequently issued a statement acknowledging that some infrastructure and hot wallets did indeed experience unauthorized access. However, the platform emphasized that the vast majority of user funds are stored in cold wallets and were not affected.

It is worth noting that the attackers not only transferred a large amount of funds but also took some unusual actions. They moved a significant amount of assets to a special "burn address". These addresses conform to the on-chain address format, but once funds are sent there, they cannot be withdrawn, effectively resulting in permanent destruction. It is estimated that the assets "burned" are valued at nearly $100 million.

After the incident, a hacker group calling itself Predatory Sparrow claimed responsibility for the attack. The group stated that they would release the source code and internal data of the platform within 24 hours. The next day, the group did indeed disclose some source code information.

According to publicly available information, the core system of the trading platform is mainly written in Python and deployed and managed using K8s. Industry experts speculate that the attacker may have breached the operations boundary, thus entering the internal network to carry out the attack.

On-chain analysis shows that attackers have conducted a large number of transactions across multiple blockchain networks. On the TRON network alone, over 110,000 USDT transactions and nearly 3,000 TRX transactions were completed. On EVM-compatible chains such as Ethereum, BSC, Arbitrum, Polygon, and Avalanche, attackers stole various tokens, including mainstream cryptocurrencies. In addition, approximately 18.47 BTC was stolen from the Bitcoin network, and nearly 40 million DOGE was stolen from Dogechain.

This incident once again highlights the security challenges faced by cryptocurrency trading platforms. Industry experts suggest that platforms should further strengthen their security measures, especially for those that operate using hot wallets for daily transactions. Specific recommendations include:

1. Strictly isolate the permissions and access paths of hot and cold wallets, and regularly audit the calling permissions of the hot wallet.
2. Use a real-time on-chain monitoring system to timely obtain comprehensive threat intelligence.
3. Cooperate with the on-chain anti-money laundering system to promptly detect abnormal capital flows.
4. Strengthen the emergency response mechanism to ensure effective response to attacks within the golden window.

Currently, the investigation into the incident is still ongoing. The relevant security teams have stated that they will continue to monitor the situation and provide timely updates on the latest developments.