Iran’s digital finance ecosystem suffered a major blow on Wednesday following a coordinated cyberattack that drained approximately $90 million in crypto assets from Nobitex, the country’s largest cryptocurrency exchange.
The incident, confirmed by blockchain analytics firms Elliptic and TRM Labs, has intensified concerns about the vulnerability of Iran’s digital infrastructure amid rising geopolitical tensions.
The cyberattack has been attributed to Predatory Sparrow, a high-profile pro-Israel hacking group that has previously executed sophisticated operations targeting Iranian industrial and financial institutions. In a statement posted on X (formerly Twitter), the group claimed responsibility, stating the breach was a direct response to Iran’s alleged use of Nobitex to bypass international sanctions and fund military-linked activities.
According to data from independent blockchain investigators, the stolen assets were sent to wallets containing anti-IRGC messages—strongly suggesting the strike was politically motivated rather than financially driven. Analysts noted that the funds were effectively “burned” through deliberate transfers to inaccessible wallets, rendering them unrecoverable.
Nobitex Confirms System Freeze
In a public notice posted to its website, Nobitex acknowledged the breach and announced the suspension of operations “as a precautionary measure,” while internal systems and funds were being reviewed. No official timeline has been provided for resuming full access.
The exchange, which plays a central role in Iran’s domestic crypto transactions, has come under scrutiny in the past over its potential role in facilitating unofficial cross-border transfers. The latest attack highlights not only its systemic importance but also the growing use of cyberwarfare in geopolitical conflicts.
Escalation in Israel–Iran Cyber Conflict
This incident marks the latest escalation in a years-long shadow cyberwar between Israel and Iran. Just a day earlier, Predatory Sparrow claimed to have compromised Bank Sepah, a state-owned financial institution allegedly linked to members of Iran’s Islamic Revolutionary Guard Corps (IRGC). The group claimed to have erased critical data, further pressuring Iran’s financial networks.
The Iranian government has yet to issue an official statement on the Nobitex breach, but state-affiliated media warned citizens of potential disruptions to bank and digital financial services. Local sources in Tehran reported widespread ATM outages, with many machines out of service or cashless across key districts.
WhatsApp Surveillance Fears and Disinformation Campaigns
Amid the cyberattacks, Iranian authorities have warned citizens against using WhatsApp, citing concerns that Israeli intelligence may be exploiting the platform to monitor communications. Meta, WhatsApp’s parent company, rejected the claims, emphasizing the app’s end-to-end encryption protocols and privacy safeguards.
Simultaneously, reports have emerged of Israeli citizens receiving spoofed emergency messages falsely claiming bomb shelters were unsafe, underscoring the use of digital disinformation as a parallel weapon in the broader conflict.
Implications and Outlook
The $90 million breach at Nobitex represents one of the largest politically motivated crypto-related cyberattacks in recent history. It raises serious questions about the resilience of Iran’s digital infrastructure and its ability to safeguard financial systems amid mounting international and internal pressure.
While the Iranian regime has relied on crypto channels like Nobitex to mitigate the effects of global sanctions, this latest development underscores the strategic vulnerabilities of such dependencies. As both Israel and Iran continue to leverage cyberspace as a frontline in their conflict, further disruptions to financial and digital networks remain highly likely.
Industry stakeholders expect more robust security protocols to emerge in response to the breach, but with cyber offensives intensifying, digital infrastructure across the region is expected to remain a critical battleground in the evolving geopolitical landscape.
