- A pro-Israel hacking group has drained $90 million in crypto from Irans largest exchange, Nobitex
- The stolen funds have been sent to unusable wallets containing anti-IRGC slogans, rendering them permanently inaccessible
- The attack follows a similar cyber operation targeting Irans Bank Sepah and appears to be politically motivated
A pro-Israel hacktivist group has claimed responsibility for a major cyberattack on Nobitex, Irans largest cryptocurrency exchange , stealing over $90 million in digital assets and destroying access to the funds. The attackers transferred the cryptocurrency into specially crafted vanity wallets that contain politically charged messages, effectively removing the funds from circulation. The breach appears to be part of a broader cyber offensive against Iranian financial institutions believed to be linked to terrorism financing and comes as the two countries become more entrenched in war.
Politically Motivated Hack
The group, known as Predatory Sparrow, publicly announced the attack on social media, accusing Nobitex of collaborating with Irans Islamic Revolutionary Guard Corps (IRGC) to evade sanctions and launder money. Blockchain analysts confirmed the stolen assets, spanning Bitcoin, Ethereum, and various stablecoins, were sent to wallets with addresses spelling out phrases like F-IRGCterrorists. Because of the way these wallets were generated, accessing the funds is cryptographically impossible, indicating the group never intended to profit:
The attackers appear to have exploited internal security weaknesses in Nobitexs infrastructure, particularly hot wallet access controls, just days after claiming responsibility for a cyberattack on Irans Bank Sepah. Analysts at TRM Labs and Elliptic estimate that the stolen funds represent a significant portion of Nobitexs liquid reserves, although the company has reassured users that the exchanges cold wallets have not been affected:
Hackers Vaporized Funds
Experts say the attack carries hallmarks of a highly sophisticated, state-aligned operation. They didnt steal the moneythey vaporized it, said one analyst, describing it as a digital act of protest or deterrence. Attacks of this nature, where hackers deliberately destroy vast sums of money rather than steal it, are exceptionally rare in the world of cybercrime, with most breaches financially motivated. The Nobitex incident stands out because the perpetrators chose to render over $90 million in cryptocurrency permanently inaccessible, using addresses that cannot be recovered.
This kind of politically charged sabotage, aimed at inflicting reputational and economic damage rather than gaining financially, reflects an unusual level of coordination and ideological commitment, suggesting a shift from conventional cybercrime toward strategic, nation-state-style cyberwarfare using decentralized financial infrastructure as the battleground.
