Geopolitical tensions in the Middle East have spilled over into the crypto industry. On Tuesday, Nobitex, the largest crypto exchange in Iran, was hacked for more than $90 million, according to the crypto analytics firm Elliptic. A group that calls itself Gonjeshke Darande, or “Predatory Sparrow,” claimed responsibility for the hack. “These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,” Predatory Sparrow wrote on X.
Instead of pocketing the $90 million of Bitcoin, Dogecoin, and more than 100 different cryptocurrencies that they raided, the hacking group decided to destroy (“burn” in crypto parlance) the funds instead so as to send a political message, according to Elliptic.
Blockchain addresses, or locations in a database that record how much money someone has, are randomly generated and typically consist of a garbled string of numbers and letters. For this operation, though, Predatory Sparrow sent the hacked funds to addresses that included the phrase “F***iRGCTerrorists.” (IRGC refers to the Islamic Revolutionary Guard Corps, a branch of the Iranian army.)
“To generate addresses with so many specific terms inside it would require so much computing power that you’re not going to do it within any reasonable lifetime,” Arda Akartuna, a lead crypto threat researcher at Elliptic, told Fortune. “So, it seems to have been more of a symbolic hack, as opposed to one where the intention is financial.”
Social media accounts for both Nobitex and Predatory Sparrow did not immediately return a request for comment. “The vast majority of assets are stored in cold wallets and were not impacted,” Nobitex wrote on X after the hack.
“I’ve never seen a hack that has occurred in the way that this one has,” said Akartuna.
Rising geopolitical tensions
The exploit of Nobitex follows days of violent conflict between Israel and Iran.
After a United Nations–backed nuclear watchdog said on Thursday that Iran was not complying with prohibitions against the development of a military nuclear program, Israel launched a series of missiles against the Islamic Republic. Iran retaliated with its own strikes, and the two countries have traded blows over the past six days.
On Tuesday, Predatory Sparrow, which Elliptic’s Akartuna says has repeatedly been linked to Israeli operatives, claimed responsibility for the hack of Iran’s Bank Sepah and destruction of the financial institution’s data. The hackers said the bank repeatedly circumvented international sanctions.
Predatory Sparrow made the same claims of sanctions evasions against Nobitex, which primarily caters to Iranian users. In 2022, the U.S. sanctioned Iranian nationals who used the crypto exchange to launder proceeds from cyberattacks, according to Chainalysis, another crypto analytics firm.
Learn more about all things crypto with short, easy-to-read lesson cards. Click here for
Fortune's Crypto Crash Course.
