Iran’s financial industry is the latest victim of a shadow war raging in cyberspace, in real time. Two consecutive attacks on prominent Iranian financial institutions—the military-affiliated Sepah Bank and the popular bitcoin exchange Nobitex—have been attributed to the Israel-linked hacker collective known as Predatory Sparrow—or Gonjeshke Darande in Farsi.

Declaring that Nobitex had been singled out for allegedly supporting the Iranian government in avoiding world sanctions and funding terrorism, the group posted its activities on its official X account. But unlike most cyberattacks in which the aim is theft, this one was pure destruction. Blockchain analytics company Elliptic claims the hackers destroyed more than $90 million worth of digital assets from Nobitex by moving them to unreachable crypto wallet addresses.

These wallets were not average ones. Designed with names like “FuckIRGCterrorists,” they were “vanity addresses”—that is, messages. This is a rare example of political protest via crypto destruction since their generation renders any money donated unrecoverable. Tom Robinson, co-founder of Elliptic, pointed out that the hackers obviously have political rather than financial goals. “The crypto they stole has burned rather quickly.”

The part Nobitex plays in allowing the financial maneuvering of the Iranian government seems to be more than just incidental. Direct links between the platform and approved players—including operatives connected to IRGC, Hamas, the Houthis, and Palestinian Islamic Jihad—were found by Elliptic’s research. The hackers charged the platform with acting as Iran’s shadow economy’s digital arm.

Shortly after demolishing Nobitex, Predatory Sparrow exposed its second target: Sepah Bank, among Iran’s oldest and most strategically important financial institutions. The group claimed to have deleted all of the internal bank records and even made public records seeming to show Sepah’s financial relationships with the Islamic Revolutionary Guard Corps. Their message carried a warning: “Associating with the instruments of the regime for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health. Who’s next?

The website of Sepah Bank was offline following the incident, but was later restored. However, at the time of reporting, Nobitex’s platform remained unreachable. Neither organization responded formally to the attack, leaving users in the dark and concerned.

But the influence goes beyond the businesses as well. Common people have experienced the sting of the attack. Based in Sweden and founded DarkCell, Iranian cybersecurity specialist Hamid Kashfi claimed that ATMs connected to Sepah Bank and online banking services have been offline since the hack. “There is a great deal of collateral damage,” Kashfi said. One cannot access their own money. This is upsetting daily life, not only a political message.

Targeting infrastructure at the junction of civilian and military utility, predatory Sparrow has a past. The group has closed thousands of gas stations, disabled Iran’s rail system, and started a cyberattack on the Khouzestan Steel Company in the past years, resulting in molten metal spills and partial factory fires. The hackers even recorded and posted that attack.

Although the group bills itself as a native resistance force, experts generally agree that it is linked to Israeli military operations or intelligence. The accuracy, scope, and force of the strikes point to preparation and funding well beyond what independent hacktivists could handle.

“This actor is really serious and very capable,” said Google’s threat intelligence division chief analyst John Hultquist. Many of the performers will be making threats. This is one that can carry out those threats.

This wave of attacks is so noteworthy because it marks a change from theft of data or money to purposeful destruction of infrastructure and assets. It also conveys a frightening message: you are a target if your company supports the Iranian government.

Cyberwarfare is changing as regional conflicts keep mounting. It’s about wiping wealth, destabilizing institutions, and delivering clear geopolitical messages, not only about espionage or disturbance. And for Iran, the lesson is absolutely clear.