Iran's encryption platform suffers a major attack, nearly 100 million dollars worth of assets destroyed

On June 18, 2025, a shocking security incident occurred in the cryptocurrency world. Iran's largest cryptocurrency platform was hacked, resulting in the abnormal transfer of a large number of assets. This incident involved multiple blockchain networks, including TRON, the Ethereum series, and Bitcoin.

According to preliminary assessments by security agencies, the losses caused by this attack have reached as high as $81.7 million. The affected trading platform subsequently issued a statement acknowledging that some of its infrastructure and hot wallets did indeed experience unauthorized access, but emphasized the overall safety of user funds.

Shockingly, the attackers not only transferred funds but also actively sent a large amount of assets to a special burn address. The total value of these "burned" assets is close to 100 million USD, demonstrating the attackers' unique motivation.

Event Timeline

June 18

• Security experts disclose that Iran's encryption trading platform has been attacked, with a large number of suspicious transactions appearing on the TRON chain.
• The affected platform has reported that some infrastructure and hot wallets have been accessed illegally and has taken immediate response measures.
• A hacker group claims responsibility for the attack and threatens to release the platform's source code and internal data.

June 19

• The victim platform has spoken out again, stating that it has completely blocked external access to its servers and confirmed that approximately $100 million in assets has been transferred to a burn address.
• The attacker claims to have destroyed approximately $90 million in encryption assets, referring to them as "sanctions evasion tools".
• The attacker has publicly disclosed part of the platform's source code.

Source Code Analysis

According to the publicly available source code information, the core system of this platform is mainly written in Python and uses Kubernetes for deployment management. It is initially speculated that the attacker may have entered the internal network to carry out the attack by breaching the operational defense line.

Capital Flow Analysis

The attacker used multiple special "burn addresses" to receive assets. Although these addresses meet the on-chain format requirements, once the funds are transferred in, they cannot be withdrawn, which is equivalent to permanent destruction. Some addresses also contain provocative text, clearly indicating malicious intent.

According to on-chain data analysis, this event involves multiple blockchain networks:

• TRON Network: Over 110,000 USDT transactions and nearly 3,000 TRX transactions occurred.
• Ethereum series networks: involving BSC, Ethereum mainnet, Arbitrum, Polygon, and Avalanche, etc.
• Bitcoin network: Approximately 18.47 BTC was transferred, involving over 2,000 transactions.
• Other networks: such as Dogecoin, Solana, TON, Harmony, and Ripple have also seen varying degrees of asset transfers.

Security Recommendations

This incident once again reminds the industry to pay attention to comprehensive security protection. For platforms that use hot wallets for daily operations, it is recommended:

1. Strictly isolate the permissions of hot and cold wallets, and regularly audit the access permissions of the hot wallet.
2. Use a real-time on-chain monitoring system to promptly obtain threat intelligence.
3. Collaborate with the on-chain anti-money laundering system to quickly identify abnormal capital flows.
4. Improve the emergency response mechanism to ensure effective response to attacks within the golden time.

As the investigation deepens, relevant agencies will continue to pay attention to the subsequent developments of this event and will timely release the latest progress.