Two planned cyberattacks by the hacker group Predatory Sparrow targeted the backbone of Iran’s digital economy—Nobitex, the top crypto exchange, and Sepah Bank, a financial pillar connected to the Iranian military establishment—shook Iran’s financial system this week.

This was not the usual cybercrime. It was devastating—strategic, symbolic, and brutal.

There was no theft intended from the attack on Nobitex. Rather, the hackers burned almost $90 million worth of bitcoin, forwarding the money to “vanity” wallet addresses—custom-generated strings including lines like “FuckIRGCterrorists.” These kinds of addresses cannot be accessed backwards or turned around. The money vanishes permanently.

“This is not about profit,” co-founder of Elliptic, the blockchain analysis company that tracked the transfers, Tom Robinson said. It is a digital scorched earth strategy. The money is practically destroyed. Financial sabotage is what this is.

Under its Farsi name, Gonjeshke Darande, Predatory Sparrow accused Nobitex of supporting terrorism groups by means of funds bypassing international sanctions. They assert the platform has enabled crypto transactions for Palestinian Islamic Jihad, Hamas, Yemen’s Houthis, and IRGC agents.

Elliptic’s investigation of blockchain activity verified that Nobitex was associated with wallets linked to these entities.

The Nobitex website went down shortly following the cyberattack. The company has stayed silent, providing no confirmation, denial, or explanation, leaving many Iranian users in the dark, some of them most likely wiped out financially.

Predatory Sparrow later that same day turned its attention to Sepah Bank, another important target. Reputedly hit with a complete internal data wipe, Sepah Bank is a long-standing financial institution closely linked to Iran’s military and nuclear initiatives. The group posted files implying Sepah’s financial cooperation with Iran’s ballistic missile development and the Islamic Revolutionary Guard Corps (IRGC), so bolstering their claim to have destroyed all operational data.

“Caution: Associating with regime infrastructure may cost you,” the hackers said ominously. “Who is next?”

The attack had repercussions felt all around the nation. Based in Sweden, cybersecurity researcher Hamid Kashfi noted that Sepah’s online platforms and ATMs were disrupted countrywide. “This isn’t only about military targets nowadays,” he said. Millions of people cannot access their money. Real chaos is what exists here.

The public-facing website of Sepah Bank briefly surfaced, but reports indicate many internal systems are still down. The Iranian government or the bank has not released any official comments.

Predatory Sparrow is known for aggressive, highly impactful activities. By adjusting industrial control systems, the group has disabled thousands of gas stations, disrupted railway systems, and even started fires at an Iranian steel plant. Often including leaked documents or posted videos, their past attacks suggest not only great access but also a taste for public spectacle.

Though they present themselves as an Iranian hacktivist group, analysts say Predatory Sparrow is really a front for Israeli intelligence. Their operations are closely coordinated and squarely focused on Iranian strategic targets.

“This group does not bluff,” Google’s Mandiant chief analyst John Hultquist said. When they claim they will strike, they indeed do. And the penalties are sometimes rather severe.

Predatory Sparrow showed by attacking Sepah Bank and Nobitex at once that no aspect of Iran’s financial system is off-limits. While Sepah oversees money allocated to Iran’s military and defense initiatives, Nobitex was essential for avoiding sanctions through cryptocurrencies.

The message is clear: tools enabling Iran to evade sanctions or finance strategic threats could be digitally destroyed without notice.