Cryptohack Roundup: US Strikes Iran's Crypto Network
Data Breach TodayArchived Jun 04, 2026✓ Full text saved
Also: Former Hodlnaut CEO Charged and Stake DAO Hit by Exploit Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. sanctioned Iran's largest exchange, ex-Hodlnaut CEO faced charges, the U.S. Securities and Exchange Commission sued over a $12.3M AI crypto scam and exploits hit Gravity Bridge, Stake DAO and Gnosis Pay.
Full text archived locally
✦ AI Summary· Claude Sonnet
Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
Cryptohack Roundup: US Strikes Iran's Crypto Network
Also: Former Hodlnaut CEO Charged and Stake DAO Hit by Exploit
Rashmi Ramesh (rashmiramesh_) • June 4, 2026
Credit Eligible
Get Permission
Image: Shutterstock
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. sanctioned Iran's largest crypto exchange, ex-Hodlnaut CEO faced charges, the U.S. Securities and Exchange Commission sued over a $12.3 million artificial intelligence crypto scam and exploits hit Gravity Bridge, Stake DAO and Gnosis Pay.
See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
US Sanctions Iran's Largest Crypto Exchange
The U.S. Department of the Treasury sanctioned Iran's largest cryptocurrency exchange Nobitex, along with three other Iranian digital asset platforms, accusing them of helping Tehran evade sanctions, finance prohibited activities and move funds outside the country.
The sanctions, announced by the Treasury's Office of Foreign Assets Control, targets Nobitex and its senior leadership, including co-founder and former CEO Amir Hossein Rad. Treasury officials allege that Nobitex processed more than half of all cryptocurrency inflows into Iran during 2025 and facilitated transactions linked to the country's security apparatus, including the Islamic Revolutionary Guard Corps and wallets associated with ransomware actors.
Treasury Secretary Scott Bessent said the sanctions form part of the administration's broader economic pressure campaign against Iran, against which the United States and Israel launched an air bombing campaign in late February. Officials contend that the exchange helped the Iranian government access international crypto markets, move wealth abroad and obtain stablecoins used to support the country's struggling rial currency.
The sanctions also target Iranian exchanges Wallex, Bitpin and Ramzinex. Treasury said the platforms collectively handled a significant share of Iran's cryptocurrency activity and were involved in transactions linked to sanctions evasion and government-connected entities.
OFAC additionally sanctioned several current and former Nobitex executives and co-founders. U.S. authorities allege that some company leaders maintained close ties to influential figures within Iran's political establishment.
US Seizes Iranian Crypto
U.S. seizures of Iranian-held cryptocurrency now tallies up to about $1 billion, Treasury Secretary Scott Bessent said, a figure that doubles the government's previously disclosed estimate.
Speaking at the Reagan National Economic Forum, Bessent said U.S. authorities believe Iran had been generating $400 million to $500 million a month through sanctions-evasion scams.
The latest figure represents a sharp increase from April, when Bessent said the government had seized nearly $500 million in Iranian crypto assets. At the time, he said the United States was freezing bank accounts and making it more difficult for individuals and organizations to conduct business with the Iranian regime.
According to blockchain analytics firm Arkham, the U.S. government currently holds about 328,372 bitcoin, making it the world's largest known state holder of the cryptocurrency. At current market prices, those holdings are worth more than $24 billion.
Former Hodlnaut CEO Charged Over TerraUSD Claims
Singapore authorities charged Zhu Juntao, the former CEO of collapsed crypto lender Hodlnaut, for allegedly misleading investors about the company's exposure to the TerraUSD crash.
Police said Zhu faces six charges linked to statements distributed through Hodlnaut's communication channels in 2022. Investigators allege he directed employees to publish messages on Telegram and send emails claiming that the company had no direct exposure to UST and had not suffered losses from the stablecoin's collapse. Authorities also allege that Zhu made similar statements on his personal account on X, formerly Twitter.
Hodlnaut, once a crypto lending platform serving more than 30,000 users worldwide, halted operations in August 2022 after running into liquidity problems. The collapse of TerraUSD in May 2022 caused the company losses of about $189.7 million.
If convicted, Zhu could face up to 20 years in prison, a fine, or both.
US SEC Charges Texas Man Over $12.3M AI Crypto Scheme
The U.S. Securities and Exchange Commission has sued a Texas man for operating a $12.3 million crypto investment fraud that allegedly relied on false claims about AI-powered trading bots and delivered returns using Ponzi-style payments.
A complaint filed in federal court in Houston showed Nathan Fuller, founder of Privvy Investments and operator of Gateway Digital Investments, raised money from roughly 150 investors across the United States and abroad between October 2022 and mid-2024. Fuller allegedly told investors that proprietary AI-driven bots could identify and exploit cryptocurrency price differences across trading platforms, promising returns of 40% to 50% within 30 to 45 days and, in some cases, guaranteed profits exceeding 100% in just three weeks.
The SEC alleges those claims were false. Investigators said Fuller used only about $380,000 of investor funds to purchase cryptocurrency and generated no trading profits. Instead, he allegedly spent at least $6.2 million on personal expenses, including a home, gambling, travel, a vehicle and collectibles, while using approximately $5.5 million to pay earlier investors.
Regulators also accused Fuller of fabricating credentials and protections, including a money-transmitter license, insurance coverage and a surety bond. The SEC said he even created a fictitious insurance company and altered documents to support his claims.
As investors sought withdrawals in 2024, Fuller allegedly launched a fake auditing firm and used ChatGPT to draft fraudulent communications that delayed payouts under the guise of compliance checks.
The case follows Fuller's earlier bankruptcy proceedings, during which he reportedly admitted to operating the business as a Ponzi scheme. The SEC is seeking financial penalties, repayment of ill-gotten gains, permanent injunctions and a ban on Fuller participating in future securities offerings.
Gravity Bridge Loses $5.4M in Suspected Key Compromise
Cross-chain protocol Gravity Bridge lost approximately $5.4 million in an exploit that researchers say stemmed from compromised signing keys, rather than a flaw in the bridge's smart contracts.
On-chain analyst Specter first identified the suspicious withdrawals, which were later confirmed by blockchain security firm PeckShield. An attacker gained access to the bridge's signing infrastructure and enabled a series of unauthorized withdrawals the system treated as legitimate transactions, they said.
PeckShield said the stolen assets included about $4.3 million in USDC, 274 wrapped ether worth roughly $553,000, $434,000 in tether and 14.16 PAXG tokens valued at about $64,000. The funds were transferred to wallets controlled by the attacker, who began moving and laundering portions of the proceeds through crypto services including ChangeNow and Binance. Wallets linked to the attacker still hold more than $4 million in ether.
The Gravity Bridge team acknowledged the incident and instructed validators to halt operations while the investigation continues. The bridge itself has been temporarily suspended.
Gravity Bridge enables transfers between ethereum and the Cosmos ecosystem by locking assets on one chain and issuing equivalent tokens on another. The researchers said the attacker may have obtained enough valid signing keys to authorize fraudulent withdrawals, pointing to a failure in the bridge's authorization layer rather than its underlying code.
Stake DAO Hit by Exploit
Decentralized finance platform Stake DAO was the victim of an exploit that allowed an attacker to mint trillions of fraudulent tokens and convert some of them into cryptocurrency with real market value.
Blockchain security firms reported the attacker minted more than 5.4 trillion vote-boosted vsdCRV tokens on the arbitrum network. Security researchers said the attacker has been swapping the tokens for ether and moving funds to the ethereum blockchain. Security researchers estimate that the attacker has already exchanged part of the haul for 43.78 ETH, worth about $91,000.
Stake DAO acknowledged the incident and warned users not to interact with the compromised vsdCRV token while the investigation continues.
Researchers said the attack stemmed from a compromised deployer private key. BlockSec said the attacker appears to have gained control of the key and altered a critical configuration by assigning an arbitrary peer to the vsdCRV contract. The attacker then used that access to forge a malicious message that triggered the unrestricted creation of approximately 5.44 trillion vsdCRV tokens.
Gnosis Pay Exploit Targets Delay Module
Attackers hacked Gnosis' Pay platform after targeting a vulnerability in the system's Zodiac delay module, said co-founder and CEO Martin Koppelmann.
Koppelmann said the company is working to contain the attack and has pledged to reimburse any affected users. Blockchain security firm PeckShield also warned users to assess their exposure as the exploit unfolded.
The vulnerability involves the Zodiac delay module, a permissions tool that queues transactions before execution. Koppelmann said the attacker can initiate transactions from certain Safe wallets that use the module. As part of its response, Gnosis has asked bridge validators to pause operations while investigators work to limit further damage.
Gnosis said that the issue affects Gnosis Pay's implementation of the delay module and not the core smart contracts of Safe, which became an independent company in 2022. But Gnosis Pay relies on Safe's wallet infrastructure to secure user accounts, making the two systems closely connected.
The scale of the exploit and any confirmed losses are unclear.