Once again, the digital battlefield between Israel and Iran flared out, and this time the damage was not only symbolic. It was catastrophic and financially affecting.

Widely thought to have links to Israel, the enigmatic and highly sophisticated hacker group Predatory Sparrow claimed responsibility for two cyberattacks aiming at Iran’s economic lifelines: its banking and bitcoin sectors on Wednesday.

Frequently running under its Persian name Gonjeshke Darande, the group posted on its X account that it had targeted Iran’s most well-known cryptocurrency exchange, Nobitex, accusing it of supporting the Iranian government in escaping sanctions and directing money to terrorism groups. But this wasn’t your typical theft or data breach.

More than $90 million worth of cryptocurrencies were destroyed rather than stolen, claims Elliptic, a blockchain forensics company. The hackers moved the money to blockchain addresses bearing provocative labels like “FuckIRGCterrorists.” Considered vanity wallets, these wallet addresses are essentially unrecoverable. The assets have therefore gone permanently.

“The hackers obviously have political rather than financial motivations,” cofounder Elliptic Tom Robinson remarked. “The crypto they stole has basically been burned.”

Predatory Sparrow made their position quite clear in their public statement: “These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions. Linking with infrastructure for sanction violations and regime terror financing exposes your assets.

This goes beyond digital money as well. As Elliptic also revealed, Nobitex has had recorded links to Iran’s Islamic Revolutionary Guard Corps (IRGC) and other sanctioned organizations, including Hamas, the Houthi insurgents in Yemen, and Palestinian Islamic Jihad.

Still, the attack on Nobitex was only the starting point.

Predatory Sparrow declared a second strike that same day, this one directed against Sepah Bank, one of Iran’s most reputable and ancient financial institutions. If verified, their claimed total deletion of all bank data would be among the most damaging cyberattacks on a financial system in recent memory.

The hackers uploaded papers purportedly displaying financial agreements between Sepah Bank and the IRGC to support their allegation. They also did not hold back, as in past times. Their message was “Caution: Your long-term financial situation suffers if you associate with the tools used by the government to evade sanctions and fund its ballistic missiles and nuclear program.” Who comes next?

The warning wasn’t empty-handed.

The website of Sepah Bank went down soon after the announcement. It resurfaced later; the bank has not issued any official comments. Meanwhile, Nobitex’s platform stayed entirely down at the time of reporting and the firm made no official comment.

Effects outside the digital sphere are starting to show.

Hamid Kashfi, a Swedish Iranian cybersecurity specialist and DarkCell founder, claims actual disruption. He told reporters that Sepah’s online banking systems and ATMs had been off-line. ” Individuals find it difficult to get their money. Not only is military infrastructure being disrupted; regular people are caught in the fallout as well. Predatory Sparrow has caused extensive upheaval in Iran before.

Thousands of gas stations they closed earlier caused a nationwide fuel shortage. They have disrupted train lines. And in 2022 the group coordinated one of the most physically damaging cyberattacks in history, causing molten steel to spill from the Khouzestan Steel Company and starting a fire that threatened worker lives. Video footage uploaded by the hackers themselves even captured the attack.

Professionals think the group is far from finished.

Chief analyst of Google’s threat intelligence division, John Hultquist, underlined the group’s seriousness. “Although many cyberspace players create noise, Predatory Sparrow is unique. They possess the ability, the accuracy, and most importantly, the will to act on their warnings.

One thing is certain: cyberwarfare is no longer only about data, even if the actual degree of the damage is yet under evaluated. It’s about destroying infrastructure, quieting financial activity, and leaving economic ruin in its path.

The question now goes beyond simply who’s next. Furthermore, how much more damage is on the route?