A single hacker group has executed one of the most damaging financial cyberattacks in recent memory, transforming the conflict between Iran and Israel into the digital sphere. Known as Predatory Sparrow, or Gonjeshke Darande in Farsi, the group revealed on Wednesday that it had effectively carried out cyber operations against Sepah Bank, a pillar of the nation’s financial system, and Nobitex, Iran’s top bitcoin exchange. The results? Missing assets, erased data, and disrupted civilian access to fundamental banking services.

The unique and shocking way of execution distinguishes this attack. The hackers burned over $90 million worth of cryptocurrency by moving it into vanity wallet addresses—blockchain destinations starting with phrases like “FuckIRGCterrorists”—that cannot be accessed or recovered, rather than looting bitcoin wallets. Elliptic, the blockchain analysis company tracking the sabotage, claims that this was an unusual situation whereby destruction—rather than theft—was the aim.

Co-founder of Elliptic, Tom Robinson, said: “The hackers obviously have political rather than financial motives. Their stolen cryptocurrency has essentially been burned. The group charged Nobitex with serving as a tool for the sanctions evasion schemes of the Iranian government and of offering a means of financing terrorism using cryptocurrencies. “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk,” they said on social media in a sharp warning.

Elliptic’s more thorough research linked Nobitex’s operations to multiple approved actors, including Hamas, the Houthis, and Palestinian Islamic Jihad in addition to operatives from Iran’s IRGC. Clearly, Nobitex was not only a blank canvas. To the hackers, it was a channel for illicit state-sponsored activities.

The second attack came right away. Targeting Sepah Bank, predatory Sparrow claimed to have erased all of its data. The group leaked what seemed to be internal records exposing Sepah’s financial contacts with the IRGC and support of the Iranian military. The accompanying release’s message cast minimal uncertainty about the reason: “Please be careful: Your long-term financial situation suffers when you support the instruments of the government for avoiding sanctions and fund its nuclear program and ballistic missiles. Who comes next?

The website of Sepah Bank crashed and remained unreachable for many hours. Later, it returned online, although no official reaction was given. Conversely, Nobitex’s website stayed down at the time of writing, and the business could not be contacted for comment. The silence from both organizations has simply heightened public anxiety.

Beyond the internet headlines, the effects on actual life are starting to show themselves. Based in Sweden, Iranian cybersecurity researcher Hamid Kashfi informed reporters that customers cannot access their money as Sepah Bank’s online banking systems and ATMs have been offline. “A lot of collateral damage has resulted,” he said. “The attack is hitting daily dependent civilians, not only military-connected infrastructure.”

Predatory Sparrow has a long history of causing damage much beyond cyberspace. Previous strikes disabled thousands of gas station payment terminals, upsetting fuel distribution and shutting down Iran’s railway network. Taking over the control systems of a steel plant, they coordinated one of the most physically dangerous cyberattacks on record, causing molten metal to spill across the manufacturing floor. The group uploaded an online video of the event.

Though they try to present themselves as a local Iranian group, most analysts agree that Predatory Sparrow works with backing—or at least indirect support—from Israel’s intelligence service. Their access to operational timing, messaging, and critical systems points to a great degree of planning and coordination.

Chief threat analyst at Google, John Hultquist, summed up the group’s threat: “This actor is very serious and very capable. They are carrying out warnings, not merely issuing ones.

These strikes represent a turning point in the deployment of cyberwarfare, not only to create inconvenience but also to cause permanent financial damage. Iran’s economic infrastructure has suffered greatly as Nobitex, now a smoldering ruin in the crypto world, struggles to recover. And given Predatory Sparrow’s message, this could only be the start.