Predatory Sparrow Escalates Cyberwar: Iranian Crypto and Banking Systems Targeted

  • September 3, 2025
  • Technology

Once again in the digital struggle between Israel and Iran, the hacker group known as Predatory Sparrow has taken center stage in what looks to be one of the most disruptive cyber offensives in recent memory. With a history of attacking Iranian infrastructure, the group has lately turned its attention to the nation’s financial system. Its message is crystal clear: stop funding terror or, quite literally, get burned.

On Wednesday the group claimed responsibility for two major cyberattacks. First, it singled out Nobitex, Iran’s well-known bitcoin exchange, claiming it was used by the government to evade sanctions and fund terrorism. Then came a follow-up attack on Sepah Bank, among Iran’s most venerable financial institutions. The attack’s extent? Large. The fallout? Still underway.

Predatory Sparrow said on its X (formerly Twitter) account that it had deleted more than $90 million worth of digital assets on Nobitex. That is not a typo. Unlike most cybercriminals, who steal assets for financial gain, this group burned the money on purpose.

Their logic? In their words, “these cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions.” The post cautioned readers that using regime-connected platforms increases their own exposure.

Blockchain analysis from Elliptic, a crypto-tracing company, confirms the damage. The stolen funds went to a number of crypto addresses containing messages like “FuckIRGCterrorists.” Addresses of this kind, known as vanity addresses, are not recoverable: once money is sent to them, there is no way to get it back. Clearly, the aim was destruction, never theft.

In the cyber sphere, Elliptic co-founder Tom Robinson notes, this kind of sabotage is rare. “The hackers quite obviously have political rather than financial motivations,” he said. “The crypto they stole has basically been burned.”

More troubling still, Elliptic’s tracing surfaced claims that Nobitex is allegedly connected to IRGC operatives, Hamas, the Houthi rebels in Yemen, and the Palestinian Islamic Jihad. That disclosure lends more weight to the hackers’ justification for the attack.

But Predatory Sparrow threw other punches this week as well.

Declaring they had “destroyed all” of the bank’s data, the group attacked Sepah Bank that same day. They even uploaded what looked to be internal records showing financial ties between the bank and the Islamic Revolutionary Guard Corps (IRGC).

“Caution: Associating with the regime’s instruments for evading sanctions and funding its ballistic missiles and nuclear program is bad for your long-term financial health,” the hackers said in a follow-up post. Who’s next?

Sepah Bank’s website was offline for a period but appeared to be back to normal by the following day. Neither the bank nor Nobitex, whose own website remained offline as of Thursday, has made any official remarks.

What, then, is the real impact on the ground?

Hamid Kashfi, an Iranian cybersecurity researcher based in Sweden and the founder of DarkCell, says the attacks have had a domino effect. Kashfi says he has heard rumors from inside Iran about Sepah ATMs and online banking services going dark. Civilians are feeling it; many of them cannot get to their money.

Kashfi pointed out that a lot of collateral damage has resulted. “This just seems to be straight-up damaging and chaotic.” Indeed, these institutions provide services to the military. Millions of ordinary people, however, also depend on them.

Predatory Sparrow has made international news before this as well.

The group has carried out some of the most advanced cyberattacks in recent memory. It has targeted Iran’s railway system, destroyed thousands of gas station payment systems and, in one extreme case, seized the control systems of a steel mill, resulting in molten steel flooding the factory floor. That specific attack nearly killed workers.

Frequently presenting themselves as a homegrown resistance force, these hackers go by the Farsi name Gonjeshke Darande. Experts, however, generally agree they are closely tied to Israel’s military or intelligence services.

Why now? And why the financial system?

Some analysts believe it is because Iran’s ability to maneuver around international sanctions depends critically on financial institutions like Sepah and Nobitex. Others think it may simply be because they were easy targets. In either case, Predatory Sparrow’s loud and unambiguous message goes beyond mere threat. It is a promise.

“This actor is really serious and very capable,” said John Hultquist, chief analyst of Google’s threat intelligence division. “Many groups threaten each other. This is one that will stick, though.”