The gang effectively burned the cryptocurrency as a political statement by sending the tokens to “vanity” wallets, which are unrecoverable, rather than rerouting the assets to accessible addresses. These addresses reinforced the group’s ideological stance by being adorned with anti-IRGC words such as “F-IRGC terrorists.”
Elliptic and TRM Labs blockchain analysts verified that the keys for these vanity addresses could not be cracked with current computing capabilities, indicating that the breach was symbolic rather than motivated by financial gain.
Predatory Sparrow added a fresh twist by claiming that Nobitex was involved in terrorism financing and sanctions evasion, and vowed to make its internal source code and data available within 24 hours.
Even though this code has not been made public yet, the threat alone shakes Iran’s crypto infrastructure and may jeopardize security protocols and unique system architecture.
According to Wired, the allegations were presented in a public post on the group’s X (formerly Twitter) account, alerting readers to additional weaknesses and possible breaches.
According to some cybersecurity companies, this is a politically driven attack meant to harm reputations and influence public opinion. Elliptic co-founder Tom Robinson stressed that the group prioritizes political goals over profit.
Similarly, Sophos analysts noted that the campaign has characteristics of a government-sponsored initiative, perhaps associated with Israel, and motivated by anti-Iranian rhetoric and sanctions.
After confirming the compromise and alerting users to a “security problem,” Nobitex started the recovery process.
Cyberattacks on Iran
Predatory Sparrow has previously carried out high-impact operations. Previous attacks disabled extensive payment systems and damaged gas station networks in 2021, followed by another interruption to gas station point-of-sale systems in December.
Additionally, they have targeted Iran’s steel factories, physically destroying infrastructure through a molten steel breach caused by tampering with industrial control systems.
They most recently claimed complete data erasure at Bank Sepah, a state-owned bank affiliated with the IRGC.
In each instance, the gang identified themselves as Farsi-speaking hackers who aimed to undermine Iranian institutions by putting numbers and messages on systems that were visible to the public to suggest internal accountability.
Iran responded by implementing near-total nationwide internet outages, which officials said were necessary for network stability in the face of growing cyberthreats. This blackout, which resulted in a 98% drop in traffic, highlighted Tehran’s susceptibility to digital pressure.
Nobitex Hack Fallout
Iran’s digital economy has been severely disrupted by the Nobitex hack, underscoring its susceptibility to cyberattacks. In addition to disrupting a crucial economic escape from sanctions, it erodes confidence in fintech infrastructure and creates a risky precedent for targeting financial systems. It also blurs the line between cyberwarfare and conventional combat by raising the possibility of state-level reprisal.
Cyberwarfare and Politics
The source code that will shortly be made public may disclose structural flaws in Nobitex’s backend. This could open the door for future exploitation or replication by adversaries. Iran may strengthen its crypto laws, bolster its digital defenses, and update its strategies for evading sanctions.
However, political optics are important. To strengthen its political message, Predatory Sparrow has conflated statecraft and hacktivism, aiming for both public spectacle and the breakdown of infrastructure.
Security experts caution that this attack pattern is indicative of “the new normal” in cyberwarfare, in which opponents are destabilized far beyond traditional battlefields by damaging, politically driven attacks on vital infrastructure.
Digital Geopolitical Battleground
The attack on Nobitex, along with profound structural threats and symbolic “crypto burning,” represents a turning point in the cyberwar between Israel and Iran. The ramifications are not limited to financial systems; they also threaten national cyber sovereignty, economic resilience, and confidence. The release of the anticipated source code from Predatory Sparrow could expose Tehran to its greatest digital vulnerability to date. These days, financial platforms could be fronts in geopolitical conflict in addition to being corporate instruments.