| June 23, 2025 Iran Just Learned Crypto’s Core Lesson the Hard Way Dear Subscriber, At the crossroads of geopolitics and cryptocurrency, a new incident reinforces one of crypto’s oldest — and most important — mantras … Not your keys, not your crypto. More simply, if you don’t maintain control of your digital keys, you don’t own the coins in that wallet. I’ve highlighted the importance of self-custody in the past. But recent events highlight just how important it really is. A Silent Heist in the Midst of War Over the past 11 days, the broader crypto market has dropped nearly 9% amid escalating conflict between Israel, Iran and now the U.S. But while market volatility made headlines, a quieter yet serious breach unfolded in the background: $90 million in digital assets were rendered permanently inaccessible following a cyberattack on an Iranian centralized exchange. Source: PBS. Click here to see full-sized image. A hacking group known as Predatory Sparrow (Gonjeshke Darande in Farsi), widely believed to have ties to Israel, claimed responsibility for the attack on Iran’s largest cryptocurrency exchange, Nobitex. This came just a day after the group announced it had destroyed data at Bank Sepah, a state-owned Iranian bank. According to blockchain analytics firm Elliptic, the hackers drained Nobitex wallets and transferred the funds into vanity addresses — i.e., crypto wallets created without retaining their private keys. In short, the funds were intentionally burned, making them inaccessible forever. Not even the hackers can touch them now. In a post on X (formerly Twitter), Predatory Sparrow threatened to leak Nobitex's internal data as well. Their accusations extended beyond financial motives. They claim connection between Nobitex and Bank Sepah to Iranian military funding — indicating that this operation was as much about political signaling as it was about disruption. Source: X. Click here to see full-sized image. Nobitex has since confirmed a “security incident” and says it’s working on a recovery plan. But for users who had crypto on the platform, recovery may no longer be possible. The damage is done. The Bigger Lesson: Custody Is Everything This event exposes a core vulnerability in crypto: custodial risk. When you keep your crypto on an exchange, you’re relying on a third party to protect it. That third party represents a single point of failure — whether from hacks, regulatory crackdowns or even international cyber warfare. Had those $90 million been stored in non-custodial wallets, protected by users’ own private keys, the loss could likely have been prevented. Exchanges can be taken offline, but self-custodied wallets remain under your control. Final Thoughts: Protect What’s Yours “Not your keys, not your crypto” isn’t just a slogan. It’s a survival principle. No centralized platform can guarantee your safety, especially during times of political or economic turmoil. The good news is protecting yourself — and your crypto — is easier than it sounds. In most cases, it only takes a quick app download. Then, you’ll need to copy 12 simple words — your wallet’s seed phrase— and store them securely and offline. That small action gives you full control over your assets, keeping them safe from hackers, governments and failing platforms. (You can learn more about how to take the first step toward self-custody here.) Take your security seriously. Learn how to safeguard your seed phrase and use wallets you control. Yes, it takes slightly more effort. But that effort is the cost of true ownership and increased protection. Don’t wait until the next breach forces your hand. Because once your crypto is gone, it’s gone. Best, Marija Matić | 