A cyberattack attributed to a pro-Israel hacking group has compromised over $90 million in cryptocurrency from Iran’s largest digital asset exchange, Nobitex, according to blockchain analytics firm Elliptic. The attackers reportedly transferred the stolen assets into inaccessible “vanity” addresses, effectively removing them from circulation. Elliptic said that these receiving addresses contained politically charged messages denouncing the Islamic Revolutionary Guard Corps (IRGC), a powerful Iranian military faction.
This, coupled with the deliberate destruction of the funds, suggests a politically motivated operation rather than an attempt at financial theft. The group claiming responsibility, known as Gonjeshke Darande or “Predatory Sparrow,” also announced it had breached Iran’s state-owned Bank Sepah earlier in the week. The hackers stated their intention to publish Nobitex’s source code, while the platform remained offline following the breach. Additional analysis from blockchain intelligence company Chainalysis revealed that the stolen assets included a mix of cryptocurrencies such as bitcoin, ethereum, dogecoin, ripple, solana, tron, and toncoin.
Chainalysis further confirmed that the funds were routed to burner wallets with no evidence of subsequent movement, indicating they were not intended for recovery or sale. Andrew Fierman, head of national security intelligence at Chainalysis, emphasized the non-financial motives behind the breach. He described the attack as symbolic, highlighting how digital finance infrastructure is increasingly entangled in geopolitical tensions. He added that while Iran’s crypto market is relatively small, its political significance has made it a focal point for cyber operations.
Elliptic’s findings also linked Nobitex to previously sanctioned networks. The exchange has been associated with IRGC-affiliated ransomware actors and with wallets tied to Hamas, Palestinian Islamic Jihad, and Yemen’s Houthi movement. These groups are all under international sanctions and have been accused of financing militant activities through cryptocurrency channels. The attack occurred amid heightened military tensions between Iran and Israel, marked by recent cross-border missile exchanges.
On the same day as the reported hack, Iranian Supreme Leader Ayatollah Ali Khamenei warned the United States of “irreparable damage” in response to geopolitical pressure, escalating the broader regional conflict. Elliptic noted that it is continuing to track crypto activity linked to Iranian entities and has updated its compliance systems to address what it described as a growing threat landscape. The breach of Nobitex highlights the increasing vulnerability of regional crypto platforms to cyberattacks driven by political agendas rather than economic gain. – By CryptoWire News Desk.