Pro-Israel Hacker Group Claims $90 Million Cyberattack on Iranian Crypto Exchange

A prominent anti-Iranian hacker group known as “Predatory Sparrow” has claimed responsibility for a cyberattack on Nobitex, Iran’s largest cryptocurrency exchange, in what analysts describe as a politically motivated act of cyber sabotage.

The attackers allegedly destroyed nearly $90 million worth of digital assets and released the platform’s source code online.

The operation, carried out early Wednesday, marks the second high-profile cyberattack in as many days by the group, known in Farsi as Gonjeshke Darande. The group had previously claimed responsibility for an attack on Iran’s state-owned Bank Sepah on Tuesday, amid heightened tensions in the region following an escalation in hostilities between Israel and Iran.

According to blockchain analysis firms including TRM Labs and Chainalysis, the hackers drained Nobitex of funds across multiple cryptocurrencies, including Bitcoin, Ethereum, and Dogecoin. However, analysis suggests the attackers directed the stolen assets into wallets that effectively rendered the funds inaccessible, an action interpreted by analysts as a deliberate attempt to “burn” the assets rather than profit from the breach.

“The hackers appear to have sacrificed financial gain to send a political message,” said Andrew Fierman, head of national security intelligence at Chainalysis.

He added that Nobitex has been previously linked to entities affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), some of which have allegedly used the platform to circumvent international sanctions.

Nobitex confirmed the security breach in a statement posted to social media platform X, stating it had taken its website and app offline to investigate “unauthorized access.” As of Thursday, the platform remained inaccessible.

Cybersecurity firm Elliptic published a blog post supporting the assertion that the attack was politically rather than financially motivated. The firm also cited evidence that Nobitex had been used by groups hostile to Israel, including Hamas, Palestinian Islamic Jihad, and Yemen’s Houthi rebels.

While Israeli media have linked Predatory Sparrow to Israel’s intelligence operations, the Israeli government has not officially acknowledged any ties. The group, however, has a history of high-impact cyberattacks inside Iran, including a 2021 campaign that disrupted gas stations across the country and a 2022 attack on a steel facility that caused a major fire.

The recent hacking campaign comes amid renewed military and geopolitical friction in the Middle East. Last week, Israel reportedly carried out strikes on Iranian nuclear and military sites, prompting retaliatory missile launches from Tehran. The cyberattacks appear to be part of a broader digital and kinetic confrontation playing out in parallel.

Concerns over Iran’s use of cryptocurrency to bypass sanctions have long been flagged by policymakers. In May 2024, US Senators Elizabeth Warren and Angus King cited Nobitex in a letter to US officials, warning that the platform could be enabling Iran’s access to global financial systems despite restrictions.

NBC News and the Hill contributed to this report.