Exchange's leaked code reveals intent to evade regulation, potentially aiding financial crime

Nobitex's leaked code reveals intent to evade regulation, potentially aiding financial crime. A person wearing the "Anonymous" mask pictured. (Image source: Robert Stump, via Unsplash)

A recent report from TRM Labs has shed light on the inner workings of Nobitex, Iran's largest cryptocurrency exchange. TRM’s analysis revealed that the platform was built with obfuscation tools, VIP bypass logic, and deep integration into Iran’s restricted banking system — raising serious concerns about the intent behind its design.

Chibuike Okpara, Published 07/02/2025

In the aftermath of a politically motivated hack that drained $90 million from its wallets, an even more significant security breach hit the Iranian crypto exchange Nobitex — the public leak of its entire source code. An analysis of this code by blockchain intelligence firm TRM Labs revealed a platform built not just for trading, but as a sophisticated instrument for operating under the radar of global financial regulations.

The code revealed that Nobitex had been designed with a suite of custom anti-surveillance modules created specifically to undermine the blockchain analysis tools used by compliance teams and regulators. According to a leaked internal privacy memo, the explicit goal of these tools was to evade detection by US authorities like FinCEN by anonymizing transactions and obscuring user identities.

Here is all TRM Labs found:

Segmented wallet infrastructure. The leaked source code revealed a multi-layered wallet architecture, separating hot and cold wallets across internally routed servers. While designed for scale, the segmentation has potential weaknesses that could be exploited by attackers.
Integration with Iran's domestic banking system. Nobitex was deeply embedded within Iran's fiat payment ecosystem, with live API credentials for platforms like Shetab, Pay.ir, Vandar, and IDPay. This integration enables real-time fiat deposits, withdrawals, and account verification, potentially allowing users to bypass international banking sanctions.
Privacy engineering. The exchange's developers prioritized privacy, implementing anti-surveillance modules like owshen, zpk, and incentivized mixer to undermine blockchain intelligence. These tools introduced stealth address generation, transaction batching, and real-time endpoint switching to evade detection.
VIP user logic. Internal documentation showed that VIP users were routed through privileged logic that bypassed standard compliance checks, potentially insulating politically sensitive or sanctioned users from scrutiny.

The report concluded that the exchange’s modular design made it a forkable, “plug-and-play” blueprint for other rogue operators, raising the risk of its architecture being duplicated in other sanctioned jurisdictions.

Source(s)

TRM Labs

Ernw found a critical flaw in Linux systems. A Guy Fawkes mask pictured. (Image source: Robert Stump, via Unsplash)

Hidden flaw in Linux (Ubuntu and Fedora) laptops allows full system compromise 07/05/2025

U.S. Treasury sanctions Russia-based bulletproof hosting provider for enabling cybercriminal activity 07/02/2025

A photograph of a Qantas airplane flying in deep blue skies. (Image: Vismay Bhadra/Wikimedia Commons)

Millions affected in massive Qantas security breach 07/02/2025

An "Anonymous" mask, accepted internationally as the symbol of hackers (Image source: Robert Stump, via Unsplash)

Record $2.1B lost to crypto hacks in H1 2025 as $9.32B of illicit funds moved in 2024 07/01/2025

Some earbuds and headsets have been found to have critical vulnerabilities. An Apple EarPod pictured (Image source: Nik, via Unsplash)

Bugs: Earbuds from JBL, Sony, and others found to have bugs that can turn them into spy devices 06/29/2025

A developer navigates complex source code workflows, where permission misconfigurations and automation can introduce silent risks such as the GerriScary vulnerability disclosed in Google's Gerrit-based projects (Image source: Freepik)

"GerriScary" vulnerability in Gerrit exposed code integrity risk across key Google projects 06/28/2025

China is regulating the transport of power banks on domestic flights. (Symbolic image, source: Marcus Herbrich)

Power banks manufactured before 2024 now banned from air travel in China 06/28/2025

Intel rapidly loses server CPU market share. A few Xeon CPUs side-by-side pictured. (Image source: Intel)

Intel server CPU share shrinks to 62% — AMD still trails, but gap narrows 06/27/2025

A police officer cutting into the Bitcoin ATM with a hand-held abrasive saw (Image source: Jasper County Sheriff’s Office via Facebook; cropped)

Police saw into Bitcoin ATM to recover $25,000, but innocent owner takes the hit 06/22/2025

Qualcomm announces a new acquisition. (Image source: Qualcomm)

Qualcomm announces acquisition of Alphawave Semi 06/09/2025

Princeton warns of context manipulation attacks on Web3 AI agents. Pictured: A girl holding a robot's hand (Image source: Andy Kelly, Unsplash)

Study shows memory attacks can hijack AI agents to transfer crypto assets 05/13/2025

Cabbage branding connects playful visual identity with smart DeFi tooling (Image source: Stader Labs)

Cabbage by Stader Labs combines AI trading and strategic buybacks in DeFi’s boldest move yet 04/16/2025

Promotional still of Affyn’s Singapore-based headquarters, featured in early marketing for the NEXUS World metaverse platform (Image source: Affyn via Newsfile)

Web3 gaming projects face pressure as Affyn CEO warns of delays and uncertainty 04/12/2025

Loading Comments

Comment on this article

The 27-inch Alienware QHD OLED gami...

Apple’s 5.5 mm iPhone Air to replac...

Chibuike Okpara - Tech Writer - 54 articles published on Notebookcheck since 2024

I have always been fascinated by technology and digital devices my entire life and even got addicted to it. I have always marveled at the intricacy of even the simplest digital devices and systems around us. I have been writing and publishing articles online for about 6 years now, just about a year ago, I found myself lost in the marvel of smartphones and laptops we have in our hands every day. I developed a passion for learning about new devices and technologies that come with them and at some point, I asked myself, "Why not get into writing tech articles?" It is useless to say I followed up the idea — it is evident. I am an open-minded individual who derives an infinite amount of joy from researching and discovering new information, I believe there is so much to learn and such a short life to live, so I put my time to good use — learning new things. I am a 'bookworm' of the internet and digital devices. When I am not writing, you will find me on my devices still, I do explore and admire the beauty of nature and creatures. I am a fast learner and quickly adapt to changes, always looking forward to new adventures.

Please share our article, every link counts!