This week, Iran’s financial underpinnings were tested as the cyberwarfare group Predatory Sparrow attacked one of the most powerful banks and the backbone of the nation using a two-pronged approach.

The attacks were neither subtle nor quiet.

Wednesday saw the hacker group reveal it had hacked Sepah Bank, a major financial institution connected to military and weapon programs in Iran, and Nobitex, the top cryptocurrency exchange in the nation. The strikes taken together rocked Iran’s digital economy.

The Nobitex hack aimed more toward making a point than it did at theft. Elliptic, a crypto tracing company, claims that hackers burned over $90 million in assets and sent the crypto to useless addresses, including phrases like “FuckIRGCterrorists” ingrained in them. These supposedly vanity wallets cannot be recovered. The money has vanished. always permanently.

“This wasn’t a robbery,” Elliptic co-founder Tom Robinson said. “It was designed to be destructive. The attackers wanted to erase, not to profit.

The hackers charged Nobitex with allowing sanctions violations and funding for terrorism for the Iranian government. They especially mentioned financial links between the platform and known Islamic Revolutionary Guard Corps (IRGC) operators, Hamas, and Houthi rebels in Yemen.

Elliptic’s data analysis supports the charge by linking several digital wallets with IRGC ties back to Nobitex.

Nobitex went offline shortly after the hack, and the business has not made any public comments since. Users all throughout Iran are still unsure, and many of them are worried that their money has disappeared without notice.

Should that attack prove insufficient, Sepah Bank came next.

Supported by the publication of several internal documents, Predatory Sparrow declared they had deleted all of the bank’s internal data. These allegedly revealed financial cooperation between military institutions and Sepah’s missile development projects in Iran.

The group’s message was ominous: “Caution: Aligning with the tools of the regime for sanctions evasion may end very badly. Who next?

Hamid Kashfi, an Iranian cybersecurity analyst, claims that Sepah’s online banking system and ATM services were hacked, locking many users out of their own accounts. “The degree of disturbance is difficult to overestimate,” he said. “This directly targets civilians. People were unable to buy groceries, pay their rent, or move money.

Sepah Bank’s homepage later returned online, but sources indicate its internal servers and data system may have been seriously hacked.

For Predatory Sparrow, this is not new ground. Previously upsetting Iran’s fuel distribution system, the group delayed rail traffic and started an industrial sabotage campaign, resulting in a fire at the Khouzestan steel plant. Often sharing footage, papers, or messages meant to humiliate the government and generate worldwide attention, their strategies combine a cyberattack with a public spectacle.

Although the group goes under a Farsi name and bills itself as a domestic movement, many experts think it is a state-sponsored organization linked to Israeli intelligence services.

“The scope, accuracy, and impact of their activities suggest deep resources and strategic intent,” said Google’s Mandiant threat analyst John Hultquist. This is more than just hacktivism. Cyberwarfare on a national level here.

The chosen target for the group emphasizes that point. Nobitex lets the Iranian government send money all around without using the official banking system. Sepah Bank is a formal participant in funding nuclear projects and defense.

Striking both on the same day—and destroying assets in the process—is evidence that Predatory Sparrow wants to do more than just cause disturbance. It intends to destroy.

And looking at the damage, they are succeeding.