A well-known hacker group called Predatory Sparrow has attacked Iranian financial institutions severely in a fast-rising cyberwar reflecting Middle Eastern geopolitical tensions. Often accused of running under Israeli intelligence influence, the group claimed responsibility this week for destroying two important pieces of Iran’s economic architecture: the government-linked Sepah Bank and the bitcoin exchange Nobitex.

But what distinguishes this incident is not only the breach but also what the hackers did once they were inside. They refrained from crypto theft. They burnt it.

Moving over $90 million in assets to vanity crypto addresses—including provocative names like “FuckIRGCterrorists—intentionally destroyed them. Usually intended for messages rather than functionality, these kinds of addresses are. The money turned unrecoverable once it was sent. Blockchain analysis company Elliptic claims that this action marks a fresh front in politically driven cyberwarfare.

“The hackers obviously have political rather than financial motivations,” co-founder Elliptic Tom Robinson remarked. “The crypto they stole has basically been burned.”

Predatory Sparrow claimed in their public statement that Nobitex was helping Hamas, the Houthi rebels of Yemen, the Islamic Revolutionary Guard Corps, and Palestinian Islamic Jihad in addition to facilitating financial transactions. Elliptic’s tracing data confirmed these assertions by revealing connections between Nobitex and crypto wallets known to be run by these groups, all under international sanctions.

The group cautioned Nobitex that by backing approved organizations, it had put its customers in danger. Shortly after the announcement, the website of the platform went down; the company has not released any official reaction.

The next phase arrived after that.

Predatory Sparrow said it had specifically targeted Sepah Bank, among Iran’s most prominent and oldest state-owned banks. The group claimed to have completely deleted all internal bank data, so releasing what they claimed to be confidential records linking Sepah to the Iranian military.

“Caution: Associating with the instruments of the regime for evading sanctions and funding its ballistic missiles and nuclear program is bad for your long-term financial health,” the group said. ” Who’s next?”

Sepah’s website came back online in one day, but the disturbance was far from gone. Following the hack, DarkCell founder and cybersecurity researcher Hamid Kashfi said that ATMs and online services connected to Sepah Bank stayed broken. “There is real hardship and general uncertainty,” Kashfi said. “Daily users of those services depend on them. One feels the influence far outside of government circles.

Predatory Sparrow’s attacks now define this kind of collateral damage as their trademark. The group has past disabled Iran’s national rail system, petrol stations, and even industrial machinery. Through hacking into control systems, they set off a fiery accident at a steel mill in 2022. Released by the hackers themselves, the video footage showed molten metal flooding the plant floor.

Although the group says it is a local resistance force, experts contend its activities are far too sophisticated to be independent. Most point fingers at Israeli state agencies, citing their ability to execute high-risk, high-impact strikes across several sectors.

“This is not a prank group or an isolated hacktivist cell,” Google’s senior threat intelligence analyst John Hultquist said. “Predatory Sparrow is so dangerous since it has the tools and knowledge to fulfill good on its threats.”

The group has revealed weaknesses in Iran’s digital infrastructure by demolishing a top bank and closing a sizable cryptocurrency exchange. More importantly, they have communicated to others collaborating with the Iranian government: you are not safe either.

Iran’s financial institutions might have to change their digital policies as geopolitical concerns keep growing and the line separating cyberactivity from state-sponsored warfare erases. Because in this new age, cyberattacks are about making digital systems collapse from the inside, not about data theft.