Nobitex, a major cryptocurrency exchange based in Iran, is allegedly the target of an exploit being advertised on a hacker forum. A threat actor has put a critical zero-day exploit up for sale, claiming it targets the company’s corporate email infrastructure. The seller alleges that the exploit allows a complete takeover of the company’s mail domain, which would create a significant risk of sophisticated fraud, malware campaigns, and reputational damage. The exploit is being offered exclusively to a single buyer for 10 BTC.
According to the post, the vulnerability is an SMTP server misconfiguration that enables an authentication bypass, allowing a malicious actor to send emails directly from Nobitex’s official servers without being detected. The potential use cases are severe, including Business Email Compromise (BEC), distribution of ransomware, and highly credible phishing attacks. The seller claims the exploit is currently unpatched and not detected by any firewalls or antivirus solutions.
The seller also noted that they had previously attempted to contact the leadership and security team at Nobitex about the issue but were ignored. In addition to the exploit itself, the threat actor claims to be selling associated data allegedly obtained from the company. The data allegedly for sale includes:
- A list of over 50,000 customer email addresses
- A list of employee email addresses












