Hit'em in the Pocketbook

A pro-Israel group of hackers on 18 June drained more than $90 million from Iran’s largest cryptocurrency exchange but may have lost all of the proceeds from the heist in the process, according to several crypto tracking firms.

Coins like Bitcoin, Ethereum and Doge were sniped from digital wallets on Iranian exchange Nobitex, which has been linked to the Islamic Revolutionary Guard Corps.  The IRGC is a branch of Iran’s military that has been labeled a terrorist organization by the US, United Kingdom, European Union and Canada.[1] 

The stolen crypto was funneled to addresses with anti-Iran messages referencing the IRGC, mostly some variation of “F—IRGCterrorists,” according to crypto tracking firm Elliptic.  It was transferred to wallets they cannot access, meaning the hackers effectively threw away the riches into cyberspace, according to Elliptic and crypto tracking firm TRM Labs.  “Predatory Sparrow would not have the private keys for the crypto addresses they sent the Nobitex funds to, and have effectively burned the funds in order to send Nobitex a political message,” Elliptic said in a press release.

The massive cyberattack, then, appears to be aimed at weakening Iran as it traded missile strikes with Israel for a sixth day on 18 June.

Gonjeshke Darande, the pro-Israel hacking group known as Predatory Sparrow, took credit for the cyberattack and threatened to release the exchange’s source code.  It has not yet been conclusively linked to the attack, and the code has not been published.  Predatory Sparrow also claimed it carried out a separate cyberattack on state-owned Iranian Bank Sepah this week.  It claimed IRGC members had used the bank’s services.

Meanwhile, President Trump on 18 June said his patience with Iran has “already run out.”  He refused to say whether he has made a decision on US military intervention in the Israel-Iran conflict.  Iran’s Supreme Leader Ayatollah Ali Khamenei earlier warned that any intervention from the US would result in “irreparable damage.”

Past investigations from independent reporters have found ties from Nobitex to IRGC-linked ransomware operatives and individuals close to Khamenei.  Nobitex is Iran’s main cryptocurrency exchange, and claims to have more than 7 million users.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.msn.com/en-us/news/world/pro-israel-hackers-steal-90m-in-massive-iranian-crypto-heist-but-may-have-lost-all-of-the-loot-for-good-reports/
