An Israel-affiliated hacking group, Gonjeshke Darande, also known as Predatory Sparrow, has taken credit for a significant theft of $90 million (£67 million) from the Iranian cryptocurrency exchange Nobitex. This announcement followed their claim of a cyber-attack that purportedly destroyed data at Bank Sepah, a state-owned institution in Iran.
Elliptic, a consultancy focusing on cybercrime in the cryptocurrency sector, reported that over $90 million in cryptocurrency has been traced from Nobitex wallets to addresses controlled by the hackers. These funds appear to have been made permanently inaccessible, as they were transferred to “vanity addresses” for which the hackers do not possess the necessary cryptographic keys. Tom Robinson, Elliptic’s co-founder, stated that it would take the existing technology billions of years to generate the keys for these addresses.
The stolen funds are stored in addresses that include a variation of the phrase “F*ckIRGCterrorists.” In a post on social media platform X, Predatory Sparrow indicated that they targeted Nobitex intentionally and hinted at releasing its source code and internal information.
Despite being frequently described as linked to Israel in local media, the actual identity and nationality of Predatory Sparrow remain unverified. However, Elliptic noted that there is no confirmation that the group moved the funds, although the operation appears to be connected to the ongoing tensions between Israel and Iran. Cybersecurity expert Rafe Pilling from Sophos commented that while there’s no direct evidence of state sponsorship, the nature of the group’s operations suggests it could be a government-backed initiative aimed at disrupting entities tied to Iranian funding networks.
Nobitex has acknowledged a “security incident” and is currently working on a recovery plan. In a separate post, Predatory Sparrow claimed to have compromised Bank Sepah’s data, alleging it supports the Iranian military. The bank’s international branch in London has been approached for a response.
In another development, reports indicate that Iran is experiencing a severe internet blackout, with Cloudflare noting that connectivity dropped nearly 98% compared to the previous week. However, Iranian government spokesperson Fatemeh Mohajerani has indicated that this slowdown is a deliberate measure to enhance network stability and mitigate cyber threats, rather than a direct result of the hacking activities.