
Key Points
- Israeli-linked hacker group Predatory Sparrow (Gonjeshke Darande) has claimed responsibility for a devastating cyberattack on Iran’s largest crypto exchange, Nobitex, destroying over $90 million in digital assets.
- The attack coincided with a separate strike on Iran’s state-owned Bank Sepah, causing widespread outages and data loss.
- Hackers accuse Nobitex and Sepah Bank of aiding Iran’s government in sanction evasion and funding terrorism.
- The stolen crypto was deliberately “burned” (sent to inaccessible wallets), signaling a political rather than financial motive.
- Nobitex has promised full reimbursement to affected users and is investigating the breach.
Tel Aviv: A dramatic escalation in the Iran-Israel cyberwar has seen the pro-Israeli hacker group Predatory Sparrow (Gonjeshke Darande) claim responsibility for two of the most damaging cyberattacks in the region’s history. The group has obliterated more than $90 million in digital assets from Iran’s largest cryptocurrency exchange, Nobitex, and paralyzed the state-owned Bank Sepah, sending shockwaves through Iran’s financial and government sectors.
How the Nobitex Hack Unfolded
On June 18, Nobitex, Iran’s leading crypto exchange with over 10 million users, detected unauthorized access to its “hot wallet” infrastructure—wallets connected to the internet for quick transactions. The hackers siphoned off at least $90 million in various cryptocurrencies, including USDT, Dogecoin, and Bitcoin, over multiple transactions. Blockchain analytics firm Elliptic confirmed that instead of stealing the funds for personal gain, the hackers sent the assets to so-called “vanity” addresses with anti-IRGC slogans, making the crypto permanently inaccessible a deliberate act of destruction.
Predatory Sparrow accused Nobitex of helping the Iranian regime bypass international sanctions and fund terrorism, warning users to withdraw their assets or risk losing them. The group threatened to release the exchange’s source code and internal data within 24 hours, further exposing vulnerabilities in Iran’s cyber infrastructure.
Nobitex has assured users that most funds held in cold storage remain safe and that all losses from hot wallets will be reimbursed through its insurance fund and internal resources.
Bank Sepah Attack: Data Destroyed, Services Crippled
In a parallel attack, Predatory Sparrow targeted Iran’s state-owned Bank Sepah, a key financial institution linked to the Islamic Revolutionary Guard Corps (IRGC). The hackers claim to have wiped out all of the bank’s data, causing widespread outages at ATMs and disrupting payment processing across the country. Iranian media and international observers reported that many branches were closed, and customers were unable to access their accounts or withdraw cash.
Bank Sepah’s critical role in Iran’s fuel distribution network meant the attack also affected gas stations nationwide, deepening the crisis. The hackers justified their actions by accusing the bank of supporting Iran’s military, missile, and nuclear programs.
A Pattern of Destructive Cyberwarfare
Predatory Sparrow has a notorious history of targeting Iranian infrastructure, including previous attacks on steel mills, railway systems, and nationwide gas stations, often causing physical damage and widespread disruption. Cybersecurity experts believe the group is closely linked to Israeli intelligence and military operations, and its actions are politically motivated rather than financially driven.
Geopolitical Fallout and Industry Impact
These cyberattacks come amid intense military conflict between Israel and Iran, with both countries exchanging missile strikes and warnings of further escalation. The deliberate destruction of digital assets and crippling of major financial institutions highlight the growing role of cyberwarfare in modern conflicts and expose vulnerabilities in Iran’s digital economy.
Nobitex’s commitment to reimbursing users aims to restore trust, but the long-term impact on Iran’s crypto sector and public confidence remains uncertain.