Hackers behind a $100 million exploit of Iranian cryptocurrency exchange Nobitex released the platform’s full source code, placing remaining user assets at risk.

Nobitex exchange was hacked for at least $100 million of cryptocurrencies on Wednesday by a pro-Israel group calling itself “Gonjeshke Darande,” which claimed responsibility for the attack.

In the latest turn of events, the group said it had made good on its earlier threat to leak the code and internal files of the exchange.

“Time’s up - full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,” Gonjeshke Darande wrote in an X post on Thursday.

The X thread detailed key security measures of the exchange, including its privacy settings, blockchain cold scripts, list of servers and a zip file containing the full source code to the Nobitex exchange.

The source code was leaked a day after the group took responsibility for the exploit, promising to release the exchange’s source code and internal files within 24 hours.

The hackers said they targeted the exchange because it has ties to Iran’s government and participates in funding activities that violate international sanctions.

The wallet addresses used for the exploit suggest it was a “political statement rather than a typical financially motivated theft,” Yehor Rudytsia, a security researcher at blockchain security firm Hacken, told Cointelegraph.

“On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins,” he said.

Nobitex said on Thursday that no additional financial losses had occurred and that it expects to begin restoring services within five days. However, the exchange noted that internet disruptions due to the ongoing Iranian crisis were slowing progress.

The hack occurred on the fifth day of renewed conflict between Israel and Iran.

The two countries have been exchanging strategic missile strikes since Friday, when Israel launched multiple strikes on targets in Iran, marking the largest attack on the country since the Iran-Iraq War in the 1980s.

Gonjeshke Darande confirms $90 million asset burn

The hackers confirmed that the majority of the stolen funds were burned or permanently removed from circulation.

Gonjeshke Darande said in an X post: “8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex.”

Nobitex users are now awaiting a public video statement from CEO Amir Rad, who is expected to outline the platform’s recovery and next steps.

In response to the hack, the central bank of Iran reportedly imposed a curfew on domestic crypto exchanges, limiting operating hours to between 10 am and 8 pm, according to multiple reports cited by Chainalysis.