The conflict between Israel and Iran also has a cyber dimension, as hackers with links to Israel have drained over USD$90 million from Iran’s largest cryptocurrency exchange.
The group claiming responsibility is called Gonjeshke Darande — “Predatory Sparrow” in Farsi. It said on Telegram on Thursday that it had released the company’s full source code, and now any assets left in Nobitex were entirely vulnerable.
Hackers transferred the stolen funds to addresses containing messages that criticized Iran’s Revolutionary Guard, according to blockchain analytics firm Elliptic. The firm said the attack likely wasn’t financially motivated. Also, it noted the wallets “effectively burned the funds” to send Nobitex a political message.
In a post on X, the hacker group claimed responsibility and accused Nobitex of aiding Iran’s government in evading Western sanctions. It also alleged that Nobitex helped fund militants and support Iran’s nuclear program.
Nobitex appeared to confirm the breach. Additionally, it reported “unauthorized access” to its systems. Its app and website went offline during the investigation.
The theft involved multiple cryptocurrencies, including Bitcoin, Ethereum, and Dogecoin, said Andrew Fierman, head of national security intelligence at Chainalysis. He added the breach was “particularly significant given the comparatively modest size of Iran’s cryptocurrency market.”
The hack appears linked to rising tensions in the Israel-Iran conflict. Last week, Israel struck Iran’s nuclear sites and military officials. Tehran responded with missile barrages.
Additionally, the hacker group claimed it had destroyed data in a cyberattack on Iran’s state-controlled Bank Sepah on Tuesday.
Read more: Hive Digital levels up Bitcoin mining by passing the 10 exahash per second mark
Read more: Riot Platforms sells off large stake of Bitfarms
Israeli media linked the group to Israel
Elliptic reported that relatives of Iran’s Supreme Leader Ali Khamenei were linked to Nobitex. It also said sanctioned Revolutionary Guard operatives used the exchange. Additionally, the firm shared evidence that Nobitex transferred funds to wallets controlled by Iranian allies, including Yemen’s Houthis and Hamas.
Gonjeshke Darande has claimed previous attacks against Iran. In 2021, it paralyzed gas stations. In 2022, it targeted a steel mill, sparking a large fire.
Israeli media have widely linked the group to Israel. However, Israel’s government has never officially acknowledged any connection.
Further, U.S. Senators Elizabeth Warren and Angus King raised concerns last year about Iran’s use of crypto to bypass sanctions.
Hacking has increasingly become a tool for political messaging, cyberwarfare, and economic disruption. In particular, cryptocurrency exchange hacks allow groups to fund operations, destabilize adversaries, or send ideological signals without relying on traditional financial systems.
These hacks often bypass borders and sanctions, making them attractive to state-aligned actors and hacktivist groups alike.
North Korea’s Lazarus Group is one of the more prominent examples.
They are a state-sponsored hacking collective responsible for numerous high-profile cyberattacks. The group has targeted banks, infrastructure, and cryptocurrency exchanges worldwide. Their operations often serve two purposes: generating revenue for the isolated regime and undermining global confidence in Western financial systems.
In 2022 alone, Lazarus reportedly stole over USD$600 million in digital assets from the Ronin Network, a platform connected to the metaverse game Axie Infinity. Analysts believe much of that money helped fund North Korea’s weapons programs, skirting international sanctions.
.
