Two of Iran’s most significant financial institutions—Sepah Bank, a long-standing state-run bank connected to the country’s military operations, and Nobitex, the leading bitcoin exchange—have been disrupted by a merciless cyberattack started by the Israeli-linked hacker group.

Still, this went beyond simply breaking systems or pilfering money. It revolved around erasure. And it was deliberate.

Predatory Sparrow visited its official X page earlier this week to take ownership of a cyberattack on Nobitex. Blockchain forensics company Elliptic claims the group burned over $90 million in cryptocurrencies in a bold and very symbolic action. They sent the money to custom-built “vanity addresses” bearing names like “FuckIRGCterrorists,” not into wallets they control. These addresses are essentially black holes; any money sent there is lost irreversibly.

“This wasn’t about theft,” said co-founder Elliptic’s Tom Robinson. “That was a political destruction act. Their pilfering of cryptocurrencies has essentially been burned.

The group’s comment charged Nobitex with central cog in Iran’s machinery for sanctions evasion and terrorist financing. Elliptic claims that the trade handled transactions related to the IRGC, Hamas, the Houthis, and Palestinian Islamic Jihad—all groups subject to severe worldwide sanctions.

The website of Nobitex has been offline since the attack. Thousands of users are left in the dark, unsure if their accounts and holdings survived without a response from the company.

The second blow landed quickly.

Predatory Sparrow quickly said it had compromised Sepah Bank and erased all of its internal records. Along with alliances with military institutions, the group uploaded records it claimed to be evidence of the bank’s participation in funding Iran’s nuclear program and ballistic missile development.

Their direct and ominous warning to others was “Who’s next?”

Sepah Bank’s website recovered rather quickly, but damage under the surface could be much more important. After the attack, ATMs and digital banking systems connected to Sepah stayed offline for days, according to Sweden-based cybersecurity specialist Hamid Kashfi with ties to Iran.

“People cannot access salaries, pay bills, or move money. This is upsetting daily life, not just a punishment aimed at a government target. “There is a genuine human cost to this.”

That human cost is not novel in Predatory Sparrow’s playbook. The group has a history of anarchy; past stops of fuel supplies, freezing of Iran’s national railway system, and even industrial disasters. Their breach of the control system of a steel plant resulted in molten metal flooding the manufacturing floor, just missing the staff. Confirming their intention to inflict physical damage, the group posted a video of the incident.

Although Predatory Sparrow seems to be a grassroots Iranian group, cybersecurity experts mostly agree that it follows Israeli intelligence services’ direction, or at least with their blessing.

“This group is disciplined, tactical, and well-resourced,” Google’s senior threat analyst John Hultquist said. They are not merely indicating capacity for signaling. They are carrying out with force.

The symbolism of this most recent wave of attacks adds significance. Predatory Sparrow has changed the objectives of cyberwarfare by burning crypto instead of pilfering it and by undermining a big bank instead of profiting from it. This was more about making a high-stakes political statement, loud and permanent, than about disturbance.

And with their last words, “Who’s next?” the hackers made clear that this won’t be their last action.