Rising tensions between Israel and Iran cast a shadow over a fresh wave of cyberwarfare. This time, the battlefield is not a power plant, train station, or steel mill—but the very infrastructure driving Iran’s economy: Banks and Bitcoin markets.

Once well-known in Farsi as Gonjeshke Darande, the hacker group Predatory Sparrow has made news once more with a series of overt assaults upsetting Iran’s financial system. On Wednesday, the group claimed responsibility for coordinated cyber operations aimed at Sepah Bank and the Nobitex crypto exchange, generating major disturbance and posing grave questions regarding cyber vulnerabilities in Iran’s vital systems.

The most shockingly unexpected component is that the attack on Nobitex sought to destroy rather than pilfer cryptocurrencies.

Blockchain forensics specialist Elliptic claims that more than $90 million worth of digital assets were transferred from Nobitex wallets to irreversible addresses. Furthermore not random these addresses were. Designed with great care, these vanity wallets included overt messages like “FuckIRGCterrorists.” Funds sent to these kinds of addresses disappear once they arrive. Long term.

“The hackers obviously have political rather than financial motivations,” said Tom Robinson, cofounder of Elliptic. “The crypto they stole has burned rather nicely.”

In their public post, Predatory Sparrow defended the destruction. They accused Nobitex of being a necessary tool for the Iranian government to fund terrorism and get past foreign sanctions. The group cautioned, “associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”

Elliptic’s research confirmed blockchain links between Nobitex and a number of approved groups, including the IRGC, Hamas, the Houthi rebels, and Palestinian Islamic Jihad, bolstering these assertions.

Still, that was only the first attack.

Targeting Sepah Bank as well, the group claimed to have erased “all” of the bank’s data. They even produced records seeming to show financial ties between the bank and Iran’s Islamic Revolutionary Guard Corps (IRGC). The language used to accompany the release was likewise rather direct: “Caution: Your long-term financial situation suffers if you associate with the tools used by the government to evade sanctions and fund its ballistic missiles and nuclear programme. Who comes next?

Sepah Bank’s website went offline in the hours following the attack. It has lately returned online, but the bank has not yet published an official statement. Conversely, Nobitex’s website is still down, and its managers have not responded.

Ground-based in Iran, the effects are beginning to show up for common people.

Living in Sweden and starting the company DarkCell, Iranian cybersecurity researcher Hamid Kashfi has been in touch with Iranian sources claiming major service disruptions. “Sepah’s online banking and ATMs have been out since the attacks,” Kashfi said. “Collateral damage has been rather extensive. Common people are caught in the middle here.

For Predatory Sparrow, which has a history of attacking not only military infrastructure but also national services that millions of Iranians depend on daily, this fits a known pattern. The group earlier stopped Iran’s railroads, disabled gas station payment systems twice, and in one well-known incident, stole the control system of a steel mill, molten steel spilled, and a fire started. The group noted and posted that attack online.

Though posing as an Iranian hacktivist group, most analysts agree Predatory Sparrow is either directly supported by the Israeli military or intelligence, or is aligned with. Their accuracy, coordination, and access to especially sensitive infrastructure point to state-level support.

For years, John Hultquist, chief analyst at Google’s threat intelligence division, has been keeping an eye on the group. Hultquist pointed out that this actor is quite capable and serious. ” Their capacity to carry out difficult operations distinguishes them. They are following through, not only threatening.

Hard to overlook are the wider consequences of these cyberattacks. Years of years have seen Iran openly rely on cryptocurrencies as a means of escape from sanctions. Predatory Sparrow has basically targeted the digital workaround for the international financial isolation of Nobitex.

The message is straightforward and frightening. Predatory Sparrow is observing institutions even indirectly connected to the worldwide aspirations of the Iranian government. More essentially, though, they are acting.

Iran’s digital resilience is facing its toughest challenge yet as Middle Eastern tensions keep rising and cyberspace becomes a more and more powerful weapon.