Iran’s financial system has come under fire from one of the most elusive hacker groups on the global scene—Predatory Sparrow, also known by its Farsi name—in a breathtaking escalation of digital conflict. Said to be in line with Israeli intelligence services, the group claimed responsibility for a planned cyber attack aiming at Sepah Bank, a state-affiliated financial institution, and Nobitex, Iran’s top cryptocurrency exchange.

The effect has been nothing less than catastrophic.

Blockchain analytics company Elliptic claims that hackers wrecked over $90 million worth of cryptocurrency owned by Nobitex. But in a turn of events that distinguishes this attack, the money was burned on intent rather than theft. Starting with phrases like “FuckIRGCterrorists,” the group moved the assets to so-called “vanity addresses.” These addresses are created specifically to be unrecoverable, so transforming the crypto into digital ash.

It was not about money here. It was about messaging, said Tom Robinson, co-founder of Elliptic. “The hackers quite obviously have political rather than financial motivations.”

According to Predatory Sparrow’s claims, Nobitex was enabling transactions in violation of international sanctions for groups including the IRGC, Hamas, and other terrorist-linked groups. Elliptic supported those assertions with blockchain data proving Nobitex connected to approved wallets.

Soon after the attack, Nobitex’s platform went dark. Not one public comment has been offered. Among thousands of users, many of whom depend on the platform amid Iran’s economic crisis, the silence has simply heightened anxiety.

And then came the second wave.

Claiming to have totally wrecked its internal data systems, Predatory Sparrow declared it had broken Sepah Bank. Along with their claim, the group released records purportedly linking Sepah to Iran’s military and nuclear initiatives.

Their advice is “Who next?”

Based on contacts inside Iran, Sweden-based cybersecurity researcher Hamid Kashfi said he has heard reports that Sepah’s ATMs and digital banking systems are still not working. Millions of people who depend on that bank already suffer from this attack. It is much more than a symbolic strike, Kashfi remarked.

Predatory Sparrow has a long history of upsetting Iran’s vital systems. From closing gas stations and paralyzing the railway system to seizing control systems at a steel plant and starting a nearly fatal fire, the group has regularly carried out high-risk, high-impact actions. In every case, they presented evidence—sometimes video—to highlight the damage.

Though they present themselves as an Iranian group, most analysts agree that Predatory Sparrow is directly related to Israel’s cyber activities. Their targets, instruments, and strategic goals fit too precisely the larger geopolitical conflict raging in the Middle East.

“They’re not amateurs,” said John Hultquist of Google’s Mandiant threat intel team. “They’re focused, successful, and obviously have backing from a state-level actor.”

The nature of the damage in these strikes distinguishes them. Rare in cyberattacks is burning crypto instead of pilfering it. Even more extreme is destroying internal banking data rather than using it. Both point to one thing: destabilization is the aim rather than profit.

The destruction of Nobitex sends a strong message as Iran turns more toward cryptocurrencies to escape economic sanctions. Furthermore, given the data of Sepah Bank in ruins, the lesson is even clearer: no financial institution is immune if it helps the dictatorship.

The last words from Predatory Sparrow seem to be a digital warning shot: “Caution: Associating with the regime’s infrastructure may cost you everything.”

Now the world will be closely observing to determine who might be next.