A sophisticated cyberattack that penetrated deeply into Iran’s financial infrastructure has left the country reeling once more. The coordinated attack, executed by the hacker collective Predatory Sparrow, targeted Sepah Bank, a state-affiliated organization with strong ties to the Islamic Revolutionary Guard Corps (IRGC), as well as Nobitex, the nation’s most popular cryptocurrency platform.

What transpired was a deliberate act of digital sabotage, not merely a breach.

Elliptic, a blockchain intelligence firm, claims that hackers were able to access Nobitex and burn over $90 million worth of cryptocurrency assets. They sent the assets to addresses beginning with words like “FuckIRGCterrorists” instead of transferring the money to accounts under their control, rendering the assets permanently inaccessible.

Elliptic’s Tom Robinson clarified, “There was no profit motive here.” “Political messaging and actual harm were the goals here.”

Gonjeshke Darande, also known as Predatory Sparrow in Farsi, charged that Nobitex was helping Iran circumvent international sanctions. Additionally, they claimed the platform was used to transfer money to designated terrorist organizations, such as Palestinian Islamic Jihad, Hamas, and the Houthi rebels. These assertions were corroborated by Elliptic’s blockchain analysis, which verified communications between Nobitex and wallets connected to the IRGC and its affiliates.

Nobitex’s website suddenly went down after the announcement. Thousands of Iranian users are left wondering if their holdings have disappeared into the same digital void in the absence of an official statement.

However, the cyberattack had not ended.

Hours later, Predatory Sparrow claimed to have successfully targeted Sepah Bank, erasing its internal systems and making public files that seemed to show the bank’s collaboration with Iran’s defense projects, such as its nuclear and ballistic missile projects.

“Associating with regime sanction-evading infrastructure puts your assets at risk,” the group cautioned in a stark message posted online. Who will be next?

Reports surfaced that Sepah’s digital banking services and ATMs had stopped working inside Iran. Iranian cybersecurity specialist Hamid Kashfi, who is based in Sweden, verified the reports, stating that “millions of ordinary citizens are now caught in the fallout of this cyber war.”

Although the bank’s public website is back up and running, many essential services are still unavailable, particularly in regional branches.

For many years, the Iranian government has been plagued by predatory sparrows. In the past, the group has disrupted train systems, shut down the fuel distribution network, and executed one of the most physically hazardous cyberattacks in recent history. An explosion of molten metal and a fire that might have easily claimed lives were caused by that 2022 strike on the Khouzestan Steel Company.

Despite the group’s self-presentation as an Iranian resistance movement, most cybersecurity experts worldwide think it is directly controlled or guided by Israeli intelligence services. Its timing is too precise, and its attacks are too complex.

John Hultquist, a top cyber threat analyst at Google, stated, “This isn’t amateur hour.” “Predatory Sparrow is not just a hacker collective. They are a cyber operator of military caliber.

They have issued a clear warning to Iran’s strategy of using cryptocurrency as a workaround for sanctions by removing Nobitex. They have struck down the financial backbone of Iran’s military with their attack on Sepah Bank.

These days, bombs and drones aren’t the only weapons used in war. Code and cables are used to carry it out in silence.

And this digital front line is anything but quiet, if the final line of Predatory Sparrow’s message—”Who’s next?”—is any indication.