Pro-Israel hackers take credit after $90 million stolen from Iran’s largest crypto exchange

Hackers stole the equivalent of roughly $90 million from Iran’s largest cryptocurrency exchange on Wednesday, according to multiple independent crypto-tracking firms.
A skilled pro-Israel hacking group known as “Predatory Sparrow” took credit for the cyberattack, which appeared to be aimed at further weakening Iran amid Israel’s military strikes on Tehran.
In a post in Farsi on X, the hackers said that they had hit Iranian crypto exchange Nobitex, claiming that Iran used the exchange to skirt international sanctions. And in an extraordinary move, the hackers may have effectively thrown the stolen crypto away by transferring it to digital “wallets” that they don’t have control over, according to multiple cybersecurity experts.
Nobitex acknowledged the incident in a statement on its website on Wednesday, saying that access to the crypto exchange had been “suspended,” as a precaution, until further notice. Crypto-tracking firms Elliptic and TRM Labs confirmed the crypto was stolen and sent to “wallets” or crypto accounts, with an expletive that referenced Iran’s Islamic Revolutionary Guard Corps (IRGC).
In a separate hack on Tuesday, Predatory Sparrow said it had destroyed data at Iran’s state-owned Bank Sepah, citing as justification its claim that IRGC members used the bank’s services. Iran’s state-affiliated Fars news agency warned of potential disruptions to bank services at gas stations.
The pair of stunning cyberattacks mark an escalation in Israel and Iran’s years-long shadow war in cyberspace, where the arch-enemies — or their supporters — have conducted digital spying and data-destroying attacks for tactical advantage.
Predatory Sparrow has emerged in the last five years to claim spectacular cyberattacks that have previously disrupted an Iranian steel mill and payments at Iranian gas stations. The hackers cast themselves as anti-government Iranian hacktivists but are widely suspected among cybersecurity experts of having ties to Israel.
Much of the cyber activity in recent days, as Israel and Iran trade missile strikes, appears aimed at sowing panic in the two countries. Israelis, for example, have received mass text messages impersonating authorities that claim that bomb shelters aren’t safe.
The Iranian government, meanwhile, has warned citizens not to use the WhatsApp messaging service out of fear that Israel was collecting information from those chats. A spokesperson for Meta, which owns WhatsApp, has called those claims false and underscored that WhatsApp messages are end-to-end encrypted.