Iran’s financial industry turned into ground zero this week in a cyberwarfare simmering for years. Two devastating cyberattacks—one wiping out over $90 million in cryptocurrency from Nobitex and another allegedly destroying internal systems at Sepah Bank, a pillar of Iran’s state-linked economy—were claimed by the hacker group Predatory Sparrow.

These were not your typical cyberspace attacks. No calls for a payment of ransom. Not even a secret backdoor. Not one encrypted server awaits a decryption key. Rather, the operations were meant to inflict maximum damage, psychologically, politically, and economically.

The group started by attacking the top crypto exchange in Iran, Nobitex. A blockchain tracing company called Elliptic claims the hackers transferred tens of millions of digital dollars to permanent vanity addresses. Designed both as a provocation and a guarantee that the money could never be taken, these personalized wallets began with messages like “FuckIRGCterrorists.”

“This wasn’t about theft,” said co-founder of Elliptic Tom Robinson. “It had to do with ruin. The money is gone; it was never meant to be gotten back.

Predatory Sparrow posted on X that the trade helped Iran fund terrorists, including the IRGC, Hamas, and others, by complicity in sanction violations. Elliptic’s investigation confirmed some of those assertions by proving Nobitex had, in fact, dealt with wallets connected to approved organizations.

Nobitex turned silent as users scrambled for responses. The website turned off-line. Not including press releases. There are no warnings. There is no transparency.

Predatory Sparrow hit once more, only hours later.

This time it was Sepah Bank, a pillar of the Iranian economy. The group asserted it had obtained and deleted all internal bank data from servers, then published what it claimed to be internal agreements between the bank and the Iranian military. The point was clear: “Who’s next?”

Founder of cybersecurity company DarkCell, Hamid Kashfi, claims the consequences of the attack transcended simple symbolism. “I have verified that several provinces have Sepah’s ATMs and online banking systems down. Millions of people cannot thus access their pay bills, salaries, or transfer money, he said.

Sepah’s website returned online momentarily, but it is yet unknown if its systems are functional. The knock-on effects keep spreading across Iran’s financial system, meanwhile.

Not the first rodeo for Predatory Sparrow. The group earlier disabled Iran’s fuel system, caused extensive train delays, and even attacked a steel mill, generating a molten metal leak almost fatal. They recorded the event and posted it online; a cybercrime became psychological warfare.

Although the group says it is a homegrown resistance effort, cybersecurity experts almost all agree: this is the work of a state-aligned cyberunit most likely connected to Israel.

“This is not hacktivism,” said John Hultquist of Google’s Mandiant. This is deliberate sabotage with accuracy. And it is just going to get more intense from here.

Iran has been depending more and more on cryptocurrencies to escape financial isolation. That plan revolved mostly around Nobitex. Sepah Bank, meanwhile, helps to finance military projects as well as internal affairs. Disabling both at once, Predatory Sparrow hit at the core of Iran’s hybrid economy—the junction of blockchain and conventional banking.

“Caution: associating with the regime’s instruments for evading sanctions… is bad for your long-term financial health,” the group’s last message lingers like smoke from a battlefield.

In the age of cyberwarfare, privacy or data alone is not at risk. It is the stability of national economies. And Iran just discovered that directly from experience.