An Israeli anti-Iranian hacking group has claimed a US$90 million heist on an Iranian cryptocurrency exchange.
The group known as Gonjeshke Darande or Predatory Sparrow claimed on X to have destroyed data at Iran’s state-owned Bank Sepah amid increasing hostilities between Israel and Iran.
According to blockchain analysis firm Elliptic, the money was sent from Nobitex wallets to hacker addresses.
“The cyberattack on Nobitex was because it is a tool for financing terrorism and violating sanctions,” the group posted to X.
“Association with such institutions will put your assets on the path to destruction.”
Instead of pocketing $90 million worth of cryptocurrency, the hackers burned the funds to send a political message.
“While we don’t expect to find strong technical links between Israel and Predatory Sparrow, the actions of the group align strongly with Israel’s regional priorities. You'd be hard pushed to find another candidate country in the region with the capability to perform these attacks,” director of threat intelligence at the cybersecurity firm Sophos, Rafe Pilling told the Guardian.
Blockchain addresses or locations that record how much someone has are randomly generated strings of numbers and letters. However, for this operation, Predatory Sparrrow sent the funds to addresses that included the phrase “FuckiRGCTerrorists.” (IRGC refers to the Islamic Revolutionary Guard Corps, a branch of the Iranian army.).
Nobitex issued a statement regarding the security incident and said all affected systems were isolated.
“All user funds remain safe. The vast majority of assets are stored in cold wallets and were not impacted. The breach was limited to a portion of our hot wallet, which is used for day-to-day liquidity,” Nobitex wrote on X.
