Several independent crypto-tracking businesses have reported that hackers stole about $90 million from Iran’s largest cryptocurrency market on Wednesday.
“Predatory Sparrow,” a proficient pro-Israel hacker collective, claimed responsibility for the cyberattack, which seems to be intended to further erode Iran in the wake of Israeli military attacks on Tehran.
According to a post on Farsi on X, the hackers claimed to have targeted the Iranian cryptocurrency exchange Nobitex, alleging that Iran exploited the exchange to evade international sanctions. And in a remarkable move, some cybersecurity experts speculate that the hackers may have essentially thrown away the stolen cryptocurrency by moving it to digital “wallets” over which they have no control.
In a statement posted on its website on Wednesday, Nobitex confirmed the occurrence and stated that, as a precaution, there would be no further access to the cryptocurrency exchange until further notice. According to crypto-tracking companies Elliptic and TRM Labs, the cryptocurrency was taken and transferred to “wallets” or accounts, along with a derogatory allusion to Iran’s Islamic Revolutionary Guard Corps (IRGC).
Predatory Sparrow said in a second breach on Tuesday that it had erased data at Iran’s state-owned Bank Sepah, citing the usage of the bank’s services by IRGC personnel as cover for the attack. The Iranian government’s Fars news agency issued a warning about possible interruptions to bank services at gas stations.
It was informed by a source in Tehran that they visited around ten ATMs on Tuesday and Wednesday and discovered that they were all either empty or non-operational.
These two spectacular assaults have escalated Israel and Iran’s long-running cyberwar, in which the arch-enemies, or those who support them, have used data destruction and digital spying to gain tactical advantage.
In yet another attack, the hackers targeted Iran’s state-owned television broadcaster on Wednesday, releasing video that called for a popular uprising against the Iranian government. No one was immediately held accountable for the breach.
The last five years have seen the rise of Predatory Sparrow, which has claimed spectacular hacks that have previously interfered with payments at Iranian gas stations and an Iranian steel company. Although the hackers pose as anti-government Iranian hacktivists, cybersecurity experts assume that they have connections to Israel.
Farsi-speaking cybersecurity specialist Hamid Kashfi told that even though the hackers claimed they were only targeting IRGC assets, the Predatory Sparrow attack of Nobitex might have an impact on ordinary Iranians. “Many Iranians are banking on crypto” in light of the ongoing conflict with Israel and the limited availability of financial resources, according to Kashfi.
As Israel and Iran trade missile attacks, a large portion of the cyber activity in recent days seems to be intended to incite fear in both nations. For instance, officials have sent out bulk SMS messages to Israelis claiming that bomb shelters are unsafe.
In the meanwhile, the Iranian government has cautioned its citizens from using WhatsApp because it believes Israel is gathering data from such conversations. A representative for Meta, the company that owns WhatsApp, has characterized such assertions as untrue and emphasized that WhatsApp conversations are end-to-end encrypted.
