Two of Iran’s most important financial pillars fell this week—not from inflation or sanctions but from a keyboard attack targeted with accuracy by the elusive hacker group Predatory Sparrow.

Targeting first Iran’s top cryptocurrency exchange, Nobitex, and then disabling Sepah Bank, a pillar of the nation’s conventional financial system, the group claimed responsibility for a double cyber attack. These strikes together signaled a change in the terrain of digital warfare, where sabotage replaces theft and chaos replaces code, so transcending mere inconvenience.

The operation started with the destruction of almost $90 million worth of cryptocurrency owned by Nobitex. Unlike most crypto hacks, though, this one was not about fund syphoning into anonymous wallets. Blockchain analysis company Elliptic claims the attackers paid the money to vanity addresses—wallets bearing names like “FuckIRGCterrorists.” Design prevents these addresses from being recoverable. Stated differently, the money was set on fire.

“This wasn’t about profit,” said co-founder of Elliptic Tom Robinson. “This pertained to political messaging.” Their stolen cryptocurrencies have essentially been burned.

Predatory Sparrow claimed the crypto exchange was funding organizations under worldwide sanctions including the Islamic Revolutionary Guard Corps, Hamas, and others from Iran’s government. Elliptic’s research verified transactional links between wallets linked to these groups and Nobitex.

The website of the exchange has stayed off-line and no explanation has been given. Users of the sudden disappearance have left a path of uncertainty and anxiety; were their belongings caught in the crossfire?

Soon after came the second strike. Predatory Sparrow said it had destroyed internal systems of Sepah Bank. The group uploaded records implying Sepah directly dealt with Iran’s military and defense sector in order to support their claim.

Their accompanying message was quite eerie. “Caution: Your long-term financial situation suffers if you support the regime’s tools for avoiding sanctions and funding its ballistic missiles and nuclear program. Who comes next?

Sepah’s public website came back fast. On-the-ground reports, however, present a different picture. DarkCell’s founder, Hamid Kashfi, claimed to have received messages from within Iran verifying that Sepah’s digital systems and ATMs have stayed down.

“Civilians are suffering consequences too; it is not only institutions that suffer,” Kashfi said. “This degree of disturbance influences daily banking, bill payment, and salary access.”

Predatory Sparrow got its name from actions that disturb actual systems, not from ones that only grab headlines. The group has past destroyed Iran’s industrial facilities, gas distribution systems, and railroads. In one of its most notorious activities, it broke into the control system of a steel plant, releasing molten metal across the floor almost killing employees. The group itself uploaded the video that caught that instant.

Though they seem to be a domestic movement, experts are certain of foreign support—probably from Israel. Their skills point to a degree of accuracy only found in state-level support.

Google’s cybersecurity analyst John Hultquist cautioned, “Predatory Sparrow isn’t just playing games. When they say they will act, they act—with impact and accuracy.

These twin strikes count more than two separate events. They signal a change of direction. In the geopolitics of today, money and codes have become weapons, and those who support governments operate outside of international norms.

Predatory Sparrow’s last words, “Who’s next,” went beyond mere taunting of the Iranian government. They put every linked institution under alert. There is no safe server in this new digital battlefield.