A new front has opened in the shadow conflict between Israel and Iran—not in the skies or on the ground, but in cyberspace. A hacking group widely believed to be aligned with Israeli interests infiltrated Iran’s largest cryptocurrency exchange, Nobitex, stealing the equivalent of $90 million and leaving behind digital chaos.
This latest strike, claimed by the elusive cyber collective known as “Predatory Sparrow,” signals a dramatic escalation in the cyber warfare tactics used in the ongoing confrontation between the two nations. With financial systems under siege and the Iranian public increasingly reliant on crypto due to sanctions and inflation, the attack carries weight far beyond the blockchain.
A $90 Million Digital Heist
On Wednesday, multiple blockchain-tracking firms confirmed that digital assets totaling approximately $90 million were siphoned from Nobitex, a leading crypto exchange that facilitates much of Iran’s internal digital currency trade.
Nobitex temporarily suspended its services, acknowledging the breach in a statement published on its website. “As a precautionary step, access to the platform has been restricted while investigations are ongoing,” the company noted.
Cyber intelligence firms Elliptic and TRM Labs verified the unauthorized outflow of funds. In an unusual and deliberate gesture, the stolen crypto was sent to wallets featuring explicit names mocking the Islamic Revolutionary Guard Corps (IRGC). According to experts, those wallets appear inaccessible—even to the hackers themselves.
“This was not about profit. This was a political statement,” said Tom Robinson, co-founder of Elliptic, in a statement to Global Market News. “The hackers appear to have thrown away tens of millions of dollars just to make a point.”
The Group Behind the Breach
The hacking outfit claiming responsibility, Predatory Sparrow, operates under a veil of anonymity, but their actions are growing louder and more disruptive. In a message posted in Farsi on X (formerly Twitter), the group accused the Iranian regime of using Nobitex to bypass international sanctions, enabling financial transactions for entities like the IRGC.
Cybersecurity analysts say the group’s tactics and technical capabilities suggest a sophisticated backer—most likely Israel’s cyber units or a closely aligned faction.
“This isn’t some rogue hacker in a basement,” said Hamid Kashfi, an independent cybersecurity analyst who has studied the group’s previous exploits. “This is coordinated, targeted, and clearly aligned with Israel’s geopolitical strategy.”
Kashfi, who spoke with CNN and other media outlets, warned that despite the hackers’ claim of targeting regime assets, average Iranians who rely on crypto may end up paying the price. With traditional banking systems under pressure and economic instability deepening, digital currencies have become a lifeline for many.
“Increasingly, ordinary Iranians are storing value in crypto. If Nobitex becomes unusable or unsafe, that safety net is gone,” Kashfi said.
A Broader Campaign Unfolds
The Nobitex breach was just one in a series of attacks orchestrated this week. A day earlier, Predatory Sparrow claimed responsibility for a separate cyberstrike against Iran’s state-owned Bank Sepah. The group said IRGC members used the bank to conduct financial operations, justifying their decision to cripple internal systems and wipe critical data.
The damage appears to have been immediate. According to a Tehran-based source who spoke with Global Market News, ATMs across the capital were either out of service or empty of cash in the 48 hours following the attack. CNN confirmed the same, reporting that citizens in Tehran encountered repeated failures at ATMs while attempting to withdraw money.
To make matters worse, Iran’s official state TV broadcaster was also compromised Wednesday. During the hack, unauthorized footage aired calling for a popular uprising against the government. No group has claimed responsibility for that particular broadcast intrusion, but the timing suggests coordination.
“The scale and synchronization of these attacks points to a much larger campaign, aimed not just at cyber infrastructure, but at the psychological resilience of the Iranian state,” said Roya Rahmani, a former Afghan ambassador and regional analyst.
Economic Disruption and Psychological Warfare
As Iran and Israel continue to exchange missile strikes and rhetorical threats, cyberspace is becoming a preferred battleground. The impact of these attacks extends beyond technical disruption—they are targeting trust itself.
Iran’s government has issued public warnings, urging citizens not to use WhatsApp, claiming the messaging platform is being exploited by Israeli intelligence to gather personal data. Meta, which owns WhatsApp, categorically denied the claim, reiterating that all chats on the app are end-to-end encrypted.
Meanwhile, Israeli civilians are also facing digital manipulation. Fake text alerts have been sent to mobile phones across the country, falsely warning that bomb shelters are unsafe. These psychological operations aim to provoke confusion and fear on both sides of the conflict.
Cyber manipulation, disinformation, and digital infrastructure attacks have become indispensable weapons in modern warfare, particularly between technologically advanced adversaries like Israel and Iran.
Who is Predatory Sparrow?
Predatory Sparrow first emerged publicly around 2021 with claims of cyberattacks on Iranian steel facilities. Since then, the group has taken credit for disabling gas station networks across Iran, and now, executing one of the largest crypto-related political hacks in recent memory.
Though Predatory Sparrow presents itself as an Iranian opposition group fighting against the Islamic Republic from within, most cybersecurity experts dismiss that narrative. The sophistication of the group’s tactics, coupled with the strategic alignment with Israeli interests, strongly suggest state-level coordination.
“The language, timing, and targets point to a highly capable actor with access to intelligence-grade data,” said a senior Israeli defense analyst speaking under condition of anonymity. “This is not hacktivism. This is cyberwarfare.”
The Implications for Iran’s Crypto Landscape
Iran has leaned heavily into cryptocurrency to navigate around crippling international sanctions. From state-backed mining operations to semi-legal exchanges like Nobitex, digital assets have been instrumental in funding imports and paying vendors abroad.
But the very tools Iran is using to resist sanctions are now becoming points of vulnerability.
“This attack exposed how dependent Iran has become on a digital ecosystem it can’t fully protect,” said Teymour Shahbazi, a crypto industry consultant who advises firms operating in emerging markets. “If trust evaporates from Nobitex or similar platforms, that’s a major setback for the government’s workaround economy.”
Already, crypto usage in Iran is under scrutiny. Regulators in Europe and the U.S. have pointed to Iranian exchanges as vehicles for money laundering and terror finance—claims Tehran has denied.
If Predatory Sparrow’s claims are accurate, and Nobitex was being used to funnel funds to the IRGC, that could prompt further action from global regulators.
“This could open the door for a new round of sanctions targeting crypto entities,” Shahbazi warned.
A Digital War With No Borders
While physical battles rage in the Middle East, the cyberwar between Israel and Iran is likely to grow in frequency and sophistication. The Nobitex breach highlights how digital infrastructure—especially financial platforms—has become a frontline target.
Cyberattacks of this scale are not just technical footnotes; they are weapons of disruption aimed at public trust, financial resilience, and national morale.
“The war is no longer just about missiles or soldiers,” said cybersecurity researcher Amir Eslami. “It’s about bits and bytes, and who controls them.”
And as that battlefield expands, everyday citizens—not just governments—are increasingly caught in the crossfire.
About Author
