Hackers destroy $90 million in Iran crypto exchange: report

An anti-Iranian hacking group known as Gonjeshke Darande, or 'Predatory Sparrow', claims to have destroyed nearly $90 million worth of cryptocurrency in an attack on Iran's largest crypto exchange, Nobitex, on Wednesday, according to a recent report by Reuters. This marks the second high-profile cyberattack in two days by the group, which has suspected links to Israel.

According to Reuters, the hackers said Nobitex had been helping the Iranian government bypass international sanctions and finance illicit activity. In a statement posted online, the group accused the platform of facilitating financial operations for the Islamic Revolutionary Guard Corps (IRGC). Nobitex's website and mobile app were taken offline on Wednesday, with the company later confirming on X that it was investigating "unauthorised access" to its systems.

Blockchain analysis firms say the attack was politically motivated rather than financially, says the report. TRM Labs estimated the total value of destroyed assets at around $90 million, transferred to wallets that are believed to be inaccessible. Elliptic, another blockchain analytics firm, described the act as symbolic, stating that "the hackers effectively burned the funds in order to send Nobitex a political message." Elliptic also released evidence that Nobitex had previously transferred funds to wallets associated with Hamas, Palestinian Islamic Jihad, and Yemen's Houthi rebels—all groups hostile to Israel.

The Reuters report adds that Gonjeshke Darande has a history of targeting critical Iranian infrastructure. In 2021, the group was behind an attack that shut down gas stations across Iran. The following year, it claimed responsibility for a cyberattack on a steel plant that caused a large fire. While Israel has not officially acknowledged any connection to the group, Israeli media frequently describe it as aligned with Israeli interests, states the report.

The timing of the attack comes amid escalating tensions and missile exchanges between Iran and Israel. Just a day before the Nobitex hack, the same group claimed it had wiped data from Iran's state-owned Bank Sepah.

Andrew Fierman, head of national security intelligence at Chainalysis, confirmed the figure of $90 million to Reuters, and said the attack was "likely geopolitically motivated, given that the money was burned." He added, "We've previously seen IRGC-affiliated ransomware actors leveraging Nobitex to cash out proceeds, and other IRGC proxy groups leveraging the platform."