Pro-Israeli hackers just drained $90 million from an Iranian cryptocurrency exchange linked to terrorists, sending the funds to inaccessible addresses with anti-Iran messages as tensions between the two nations continue to escalate.
Key Takeaways
- Hacking group Predatory Sparrow stole over $90 million in Bitcoin, Ethereum, and Doge from Nobitex, Iran’s largest cryptocurrency exchange with 7 million users
- Nobitex has documented connections to the Islamic Revolutionary Guard Corps (IRGC), which is designated as a terrorist organization by the US, UK, EU, and Canada
- The stolen cryptocurrency was sent to inaccessible addresses with anti-Iran messages, effectively destroying the funds rather than enriching the hackers
- The politically motivated attack comes amid ongoing missile exchanges between Iran and Israel, with the hackers also threatening to release Nobitex’s source code
Massive Cyber Heist Targets Iranian Terrorist Infrastructure
Pro-Israeli hacking group Predatory Sparrow has executed one of the largest politically motivated cryptocurrency thefts in history, draining approximately $90 million from Nobitex, Iran’s largest cryptocurrency exchange. The hackers specifically targeted the platform due to its documented connections to the Islamic Revolutionary Guard Corps (IRGC), an organization designated as terrorist by multiple Western governments including the United States. The audacious cyber attack represents a significant financial blow to Iranian interests at a time of heightened regional tensions.
Unlike typical cryptocurrency thefts where hackers aim to profit, Predatory Sparrow transferred the stolen digital assets—including Bitcoin, Ethereum, and Doge—to deliberately inaccessible blockchain addresses accompanied by anti-Iran messages. This strategy effectively destroyed the funds rather than enriching the attackers, demonstrating the operation’s primary purpose was to inflict economic damage on Iranian interests rather than financial gain. The attack specifically targeted an entity with documented ties to Iran’s military and terrorism infrastructure.
Broader Campaign Against Iranian Financial Infrastructure
The Nobitex attack appears to be part of a larger campaign against Iranian financial infrastructure. “Predatory Sparrow” simultaneously claimed responsibility for a separate cyberattack on Iranian Bank Sepah, alleging the financial institution has direct involvement with the IRGC. These coordinated strikes suggest a sophisticated and deliberate strategy to undermine Iran’s economic stability during a period of escalating military tensions with Israel, which has included missile exchanges between the two nations.
The timing of these cyber operations coincides with growing regional tensions. President Trump has expressed frustration with Iran’s actions but has not confirmed any plans for direct military intervention. Meanwhile, Iran’s Supreme Leader has issued warnings against potential US involvement, claiming it would result in “irreparable damage.” The cyber campaign represents a non-military method of applying pressure on the Iranian regime through its financial infrastructure.
Targeting Terrorist Financial Networks
Nobitex’s significance extends beyond being merely a cryptocurrency exchange—with over 7 million users, it represents a critical component of Iran’s attempt to evade international sanctions. Previous investigations have linked the platform to IRGC-related ransomware operations and individuals with close connections to Iran’s leadership. By attacking this platform, Predatory Sparrow has demonstrated the vulnerability of Iran’s alternative financial networks that operate outside traditional banking systems.
The hackers’ threat to release Nobitex’s source code could potentially expose additional connections between the cryptocurrency exchange and terrorism financing operations. This represents an ongoing vulnerability for the Iranian regime, as further disclosures could provide intelligence agencies with valuable information about how the IRGC uses cryptocurrency to fund operations and evade international sanctions. The attack highlights how digital infrastructure has become a legitimate target in modern geopolitical conflicts.
