‘Jacked, burned, and roasted’: How pro-Israel hackers stole $90 million from Iran and leaked source code?

Amid the escalating tensions between Israel and the Islamic Republic, a pro-Israel hacking group by the name Predatory Sparrow (Gonjeshke Darande in Persian) has allegedly taken the responsibility of a cyberattack on Iran’s largest cryptocurrency exchange, leading to the destruction of approximately $90 million worth of digital assets. Several multiple crypto tracking firms believe that this group lost all of the proceeds from the heist after reportedly 'burning' them in process. The attack reportedly occurred on Wednesday, 18 June 2025 on the Nobitex exchange. According to blockchain forensics firms Elliptic and TRM Labs, the hackers had transferred the funds into blockchain wallets for which they did not possess cryptographic keys, rendering the assets inaccessible.

Crypto ‘burning’

This method, which is also known as crypto 'burning', was deliberately carried out to deliver a political message to the Iranian government rather than gain financial profit. The funds are now inaccessible after they were stored in “vanity addresses” for which they do not have the cryptographic keys, The Guardian reported.

Assets or Cryptocurrencies including Bitcoin, Ethereum, and Dogecoin were reportedly taken out from wallets linked to Nobitex and sent to burn addresses. Some of these addresses included phrases or words targeting Iran's Islamic Revolutionary Guard Corps (IRGC), such as “Fu*kIRGCTerroristsNoBiTEX.” The Ethereum tokens were sent to the well-known "0x...dead" burn address, which is a recognised method for permanently removing crypto from circulation.

Source code leaked?

Later, in a social media post on X, Predatory Sparrow confirmed that it had targeted Nobitex and later released its source code. Nobitex, which alleges to serve over seven million users, has previously faced scrutiny for being associated with IRGC-affiliated figures. The exchange went offline following the breach. It later confessed via social media post that it had experienced 'unauthorised access' and had deactivated its website and app to investigate what happened.

This attack just comes a day after this Predatory Sparrow claimed it's responsibility for destroying the data at Bank Sepah, which is the state-owned bank of Iran. The group’s actions closely follows recent Israeli airstrikes on Tehran’s nuclear facilities and are seen as part of a broader digital and geopolitical confrontation between Israel and Iran.

Predatory Sparrow is assumed of having ties with the Israeli intelligence, and has previously targeted Iranian infrastructure. The group's name is viewed as a counterpoint to "Charming Kitten," an Iranian cyber-espionage unit.

The major concern is that recovery of the stolen crypto is impossible, as Blockchain analysis confirms that none of the stolen funds were moved to crypto exchanges or mixer. Analysts suggest that the symbolic destruction of the funds was aimed at damaging Iran’s capacity to use cryptocurrency to evade international sanctions.