- calendar_today September 3, 2025
Predatory Sparrow, a hacker collective generally thought to be guided by Israel, launched a coordinated attack on two of Iran’s most important financial institutions this week in what experts are calling one of the most devastating cyber offensives to date. The group was in charge of shutting down Sepah Bank, one of the oldest and most closely linked banking institutions in the state, as well as Nobitex, Iran’s top cryptocurrency exchange.
This attack is unique not only because of its scope but also because of its purpose.
This attack was about obliteration rather than profit, as is often the case with cybercriminals. According to blockchain tracing company Elliptic, hackers destroyed over $90 million worth of cryptocurrency by sending it to unrecoverable “vanity addresses” with names that resemble political catchphrases, such as “FuckIRGCterrorists.”
“These funds were purposefully burned,” Elliptic co-founder Tom Robinson stated. “No attempt was made to steal. It was a declaration.
Predatory Sparrow claimed in a post on X that Nobitex was a financial wing of the Iranian government that assisted in the financing of terrorism and the violation of sanctions. Through blockchain analysis, Elliptic’s research validates their claims that the exchange handled transactions for organizations associated with the IRGC, Hamas, the Houthis, and Palestinian Islamic Jihad.
Shortly after, Nobitex, which Iranians used extensively for both domestic and international cryptocurrency transactions, went offline. Users are unaware of whether their funds have also been compromised or lost in the attack because the platform has not publicly responded.
The group continued after that.
Predatory Sparrow announced a second strike, this time on Sepah Bank, just hours after the Nobitex takedown. The hackers claimed to have erased all of the bank’s internal data and made public documents that seemed to connect the bank to Iran’s financing of its military and missile programs. The group issued the following warning in their message: “Be careful: Using the regime’s instruments could destroy your financial future. Who will be next?
The impact has been immediate. Insiders have reported widespread disruptions to Sepah Bank’s services, according to Hamid Kashfi, an Iranian cybersecurity analyst currently residing in Sweden. “People have been unable to use ATMs, withdraw cash, or access their accounts. Civilians are being severely impacted by this,” he stated.
Although Sepah’s website was momentarily restored, internal systems appear to have been more severely affected. These disruptions are even more severe in a nation already struggling with economic isolation, sanctions, and inflation.
Predatory Sparrow has previously garnered international attention. The group destroyed Iran’s gas station networks in 2021, causing anarchy across the country. It compromised the control systems of a steel plant the following year, resulting in the spillage of molten metal and a factory floor fire. The group even shared a video of the attack, which was a combination of psychological warfare and cyberstrike.
The majority of experts concur that this is not a group of independent hacktivists, despite the fact that they identify as an Iranian resistance group. They are clearly supported by Israel’s intelligence community based on their high-stakes targets, advanced instruments, and surgical accuracy.
According to John Hultquist of Google’s threat intelligence team, “this is what modern cyberwar looks like.” “Predatory Sparrow has special abilities. They mean business, and they know what they’re doing.
There is more to the attacks on Nobitex and Sepah Bank than just the destruction of data. They are setbacks to Iran’s capacity to contribute to both domestic stability and international finance. In the face of sanctions, cryptocurrency was becoming Iran’s lifeline. Its foundation was Sepah Bank. Both are now injured.
Predatory Sparrow’s message is unmistakable. The phrase “You align with the regime, you pay the price” is more loud than ever.





