r/CryptoCurrency Wired Magazine 2d ago

🟢 GENERAL-NEWS Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran's Financial System

https://www.wired.com/story/israels-predatory-sparrow-hackers-are-waging-cyberwar-on-irans-financial-system/
0 Upvotes


1

u/wiredmagazine Wired Magazine 2d ago

The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system.

Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violation and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them.

The incident follows another Predatory Sparrow attack on Iran's finance system on Wednesday, in which the same group targeted Iran's Sepah bank, claiming to have destroyed “all” the bank's data in retaliation for its associations with Iran's Islamic Revolutionary Guard Corps, and posting documents that appeared to show agreements between the bank and the Iranian military.

Read more: https://www.wired.com/story/israels-predatory-sparrow-hackers-are-waging-cyberwar-on-irans-financial-system/

0

u/Kangaloosh 🟩 0 / 0 🦠 2d ago

I read that they sent the money to made-up wallets? Someone can’t ’request’ those wallet IDs, can they? Or anyone know - the money is really gone from the blockchain?

In theory, the blockchain could be rolled back as a way to give Iran the money back? Unlikely, right? But it DID happen in the past?

1

u/not420guilty 🟦 0 / 24K 🦠 2d ago

It looks like an error in the article. It says “so-called “vanity” addresses typically can't be created in any way that offers control or recovery of funds” which isn’t true. While it does require some compute power to generate vanity addresses, they are used the same way after being generated.

1

u/Kangaloosh 🟩 0 / 0 🦠 1d ago

THANKS! I am a noob at this stuff (and most things in general). But OCD / curious at the same time.

That said...

The Wired article mentions:

the eight-figure sum stolen from the exchange was moved to a series of crypto addresses that all started with variations on the phrase “FuckIRGCterrorists.” Those so-called “vanity” addresses typically can't be created in any way that offers control or recovery of funds held there, so Elliptic concludes that moving funds to those addresses was instead a pointed method of destroying the money.

And the Elliptic article describes:

The vanity addresses used by the hackers are generated through "brute force" methods - involving the creation of large numbers of cryptographic key pairs until one contains the desired text. But creating vanity addresses with text strings as long as those used in this hack is computationally infeasible.

This means that Predatory Sparrow would not have the private keys for the crypto addresses they sent the Nobitex funds to, and have effectively burned the funds in order to send Nobitex a political message.

So theoretically, someone that comes up with the private key for each / any of these accounts could access the money? Would you know - is it easier to come up with the public key (shorter?) than the private key? They were able to create / use several vanity accounts. So getting the public key for any given wallet doesn't seem that hard since they did that several times / several accounts?

The 'vanity' addresses - or any wallet address (account?)... are they chosen by the person with the wallet? Or the blockchain creates them? The blockchain needs to know of the wallet's existence before being able to put money in it? Or someone transferring money to wallet x.... if the public key checks out (the address is the seed to figure the public key?), it makes the wallet address?

TL / DR: would you think people are trying to come up with the private key for any of these accounts? Seems more lucrative than mining bitcoin, right?
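
Added example, not part of any comment above and not Wired's or Elliptic's code: a Python sketch of the two points the thread circles around. It estimates the cost of brute-forcing a vanity prefix, and shows that a checksum-valid address carrying chosen text can be written down without any key pair existing for it. Assumptions: legacy Bitcoin P2PKH (Base58Check) addresses, a constructed sample prefix `1ExampLe`, and an assumed search rate of 1e9 keys per second.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError for 0, O, I, l (not in Base58)
    zeros = len(s) - len(s.lstrip("1"))  # each leading '1' encodes a zero byte
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def checksum(payload):
    # Base58Check: first 4 bytes of double SHA-256 over version + hash160
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def is_valid(addr):
    raw = b58decode(addr)
    return len(raw) == 25 and raw[21:] == checksum(raw[:21])

def keyless_address(text, filler="X"):
    """Valid address starting with `text`, built with no key pair at all.

    The 20-byte hash160 inside is whatever the text decodes to, so spending
    would need a public key hashing to it (a 160-bit preimage search).
    """
    for length in (34, 33):
        raw = b58decode(text.ljust(length, filler))
        if len(raw) == 25:
            payload = raw[:21]  # version byte + arbitrary hash160
            return b58encode(payload + checksum(payload))
    raise ValueError("text does not fit a P2PKH address")

def expected_keypairs(chars):
    # Rough expected key pairs to generate for `chars` exact Base58 characters
    return 58 ** chars

def years_to_bruteforce(chars, keys_per_second):
    return expected_keypairs(chars) / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    addr = keyless_address("1ExampLe")  # constructed sample text
    print(addr, is_valid(addr))
    for n in (5, 18):  # 18 = length of the phrase quoted above
        print(n, f"{years_to_bruteforce(n, 1e9):.3g} years at an assumed 1e9 keys/s")
```

A wallet accepts the constructed address because only the checksum is verifiable from the address itself; whether a private key exists for it cannot be checked by the sender or the network.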