Sanction Loopholes Closed? Iran’s Crypto Channels Come Under Fire

  • September 3, 2025
  • Technology

This week Iran’s digital defenses suffered a significant blow as the hacker group Predatory Sparrow—long suspected to be connected to Israeli intelligence—launched two concerted attacks on the nation’s financial systems. The group claims to have destroyed almost $90 million in cryptocurrency assets from the exchange Nobitex and to have erased important internal systems at Sepah Bank, a state-run financial institution intimately linked to Iran’s military elite.

These strikes had nothing to do with data theft or holding systems for ransom. This time the intention was destruction, meant to send a message to Tehran and to the wider world community watching from the sidelines.

The first hit landed on the biggest bitcoin exchange in Iran, Nobitex. Predatory Sparrow announced the attack on its X account, declaring that the platform was enabling the Iranian government to evade international sanctions and fund terrorist groups including the Islamic Revolutionary Guard Corps (IRGC), Hamas, the Houthis, and Palestinian Islamic Jihad.

Rather than moving the stolen funds to private wallets, the group chose a different path. According to Elliptic, they sent the assets—totaling more than $90 million—to so-called vanity addresses, blockchain wallets created with politically charged names like “FuckIRGCterrorism.” Once crypto is delivered to such addresses, it is irretrievable. Burned permanently, it is gone.

Elliptic co-founder Tom Robinson said of the highly unusual action: “The hackers obviously have political rather than financial motivations. Their pilfers of cryptocurrencies have essentially been burned.”

Elliptic also supported the group’s claims. A blockchain investigation revealed that Nobitex had handled transactions using wallets connected to approved employees. Nobitex, whose website went dark following the attack, has not yet commented publicly.

Within hours of the crypto grab, Predatory Sparrow launched another digital assault, this time aimed at Sepah Bank, one of Iran’s best-known financial institutions and one closely associated with military funding. The group says all internal data on Sepah’s systems was deleted. It also released what appear to be internal records exposing military links between Sepah and Iran with regard to finances.

“Caution: Associating with the regime’s instruments for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health,” the hackers bluntly warned in their public post. “Who’s next?”

Sepah Bank’s public-facing website went down momentarily but returned shortly after. Internal operations, though, did not bounce back as quickly. Citing sources inside Iran, Hamid Kashfi, a Swedish Iranian cybersecurity researcher and DarkCell founder, said that online banking and ATM services connected to Sepah remain down.

“Millions of average people depend on Sepah for regular banking,” Kashfi said. “Although the bank could be connected to the government, the damage goes much beyond those targets. This causes a lot of disturbance.”

Predatory Sparrow has become a byword for cyberwarfare. In past years, the group disabled thousands of gas stations, brought Iran’s national railway system to a standstill, and even targeted a steel mill, sending molten steel flooding across the plant floor. The group posted video of that attack online, making it psychological as well as physical.

Though Predatory Sparrow seeks to present itself as a domestic Iranian resistance group, most analysts concur the group works under Israeli direction or support.

“This is not an amateur operation,” Google’s Mandiant threat intelligence chief analyst John Hultquist said. “They run like a military cyber unit, are orderly, well-funded. Their difference is—they are not flaunting.”

One cannot overstate the importance of targeting both conventional banking and cryptocurrency. Iran has increasingly turned to cryptocurrencies as a way around sanctions, and Nobitex was a main instrument in that approach. Sepah Bank, by contrast, stood for the government’s more traditional financial might.

By striking both simultaneously, Predatory Sparrow not only stopped Iran’s money flow but also sent a warning that financial cooperation with the government is now a liability.

Their last message, “Who’s next?”, hangs over every institution connected to Iran’s military or terror funding like a digital threat.