This is why we Bitcoin!
Usually I make these “breaking news” posts for paid members only, and in the future I will do so again. I broke from that general rule today because I really hope some of you see this as a wake up call to the fragility of these centralized, trusted 3rd parties and power structures. Every one of us has exposure to this risk, but only some of us have a safety net that lives outside that risk. Please consider your own best interests, because nobody else is going to do it for you. Diversifying your risk vectors is more important than diversifying your investments or income streams (IMHO).
TL;DR summary
A pro-Israel hacking crew calling itself Predatory Sparrow crippled Iran’s state-owned Bank Sepah on 17 June, wiping key databases and knocking out most ATMs and online banking.
The very next day it “burned” ≈ $90 million in crypto held by Iran’s largest exchange Nobitex, sending coins to vanity addresses that no one can unlock.
Iran responded by throttling national internet traffic by up to 97 % for two nights and imposing a nightly curfew on all domestic exchanges.
A follow-on probe hit Bank Pasargad on 19 June; Tehran says it “repelled” the attack, but the bank’s site remains in maintenance mode.
One malicious script froze millions of civilians out of their money. A self-custodied Bitcoin key, stored offline, cannot be frozen, blacked-out or burned. That’s the point.
What happened and when
17 Jun
Predatory Sparrow posts: “We destroyed IRGC’s Bank Sepah data.”
Bank website down, branches closed, > 80 % ATMs offline.
18 Jun
Same group empties Nobitex hot wallets, burning ≈ $90 M BTC/ETH/XRP.
Largest politically-motivated crypto burn to date; withdrawals halted
18 Jun late
Nationwide internet traffic plunged 75-97 %.
Mobile banking, POS terminals, even SMS disrupted.
19 Jun a.m.
Probe against Bank Pasargad — officials say the attack was “thwarted.”
Site shows static notice; customers report zero access
19 Jun noon
Central Bank orders crypto-exchange curfew (10 a.m.–8 p.m. IRST).
Overnight trading and withdrawals locked; capital-flight fears rise.
What will tomorrow bring? Your guess is as good as mine.
Who is Predatory Sparrow?
Active since 2021:
Oct 26, 2021 – Nationwide fuel-card breach
Struck Iran’s government-issued fuel-card network and digital billboards, paralyzing all ~4300 gas stations by corrupting payment systems and displaying “cyberattack” error messages..June 27, 2022 – Khuzestan steel-mill sabotage
Struck three IRGC-affiliated steel plants (including Khuzestan), manipulating HMIs to override furnace safety interlocks, causing molten steel to overheat, breach containment, and ignite on the shop floor.July 2023 – National rail-ticketing takeover
Hijacked Iran’s rail-transit network by breaching ticketing servers and defacing electronic displays, halting passenger services and sowing operational chaos.June 17, 2025 – Bank Sepah data wipe
Breached IRGC-linked Bank Sepah, deploying wiper malware to erase key databases and knock out online banking and > 80 % of ATMs nationwide.
Their tradecraft (multi-stage wipers, timed data leaks, Persian-language taunts) matches Israeli-grade operations rather than hobby hacktivists.
I feel like we are all aware of the North Korean hacker group known as The Lazarus Group. This is the Israeli doppelganger.
Why this matters beyond Tehran
Simply put, the banking system is not secure. Not in Iran, and very likely not in the US or anywhere else.
Single-point fragility – One SQL (Structured Query Language) injection sank a century-old bank.
Collateral damage – Gas pumps, payroll rails, government benefits and grocery purchases all stalled because one institution went dark.
Information vacuum – Sepah clients learned via Telegram screenshots, not official channels; transparency is optional in centralized finance.
Geo-cyber spill-over – Digital salvos are faster-than-missile and ignore borders. If your wealth relies on an institution that can be hit to hurt a state, you’re collateral.
Bitcoin answers every failure mode
Centralised bank and exchange failure due to centralized data centers
Bitcoin replicates the entire transaction history on tens of thousands of independent nodes around the world—no single outage can erase the ledger.
Bitcoin’s ledger lives on ~50 000 independent nodes; deleting one copy, or 1000 copies is irrelevant.
Admins & governments freeze accounts
Bitcoin requires a valid private-key signature for any spend, so neither banks nor states can halt or reverse your self-custodied funds.
Recovery depends on off-site backups
Bitcoin embeds every past block on every full node—every copy of the chain is a backup, guaranteed by global consensus
Internet blackout = no access vs. Radio, satellite or mesh still broadcast blocks
Bitcoin allows transactions and block propagation over radio, satellite, mesh networks, or any peer-to-peer channel—even if ISPs go dark.
One breach wipes balances
Bitcoin would force attackers to out-hash the entire honest network and rewrite every block to “undo” transactions—an astronomically costly, practically impossible feat
Don’t get me wrong, this was no easy feat. Predatory Sparrow probably chained several previously-unknown, very expensive exploits. This was a highly sophisticated, multi-million-dollar, nation-state–level intrusion. Taking down Bank Sepah cost a handful of “zero-days”. But if it can happen to them, it can likely happen to us too.
Zero-day (0-day) vulnerabilities are security flaws that the software maker doesn’t yet know exist, so there are “zero days” to patch them.
Re-writing Bitcoin requires remaking every block and overpowering the honest majority’s hash-rate — an energy bill bigger than most nations’ grids. Realistically impossible under current conditions.
Practical self-defence: cold-storage crash course
Get a hardware wallet (Trezor, Coldcard, Ledger).
Air-gap key creation — generate and verify seed entirely offline.
Stamp seed in steel — paper burns, SSDs fry.
2-of-3 multisig — store keys in separate jurisdictions (home safe, bank box, trusted friend).
Annual fire-drill — restore a test wallet every year.
Privacy hygiene — use coin-control, coin-join if needed, minimise custodian fingerprints.
If that sounds paranoid, ask anyone queuing at a dead Sepah ATM if they wish they’d been more paranoid 48 hours ago.
The steps above are a starting point for you to THINK about your security. Your Bitcoin self custody security is YOUR responsibility. Do you need a multisig for every wallet you have? probably not. Is stamping seed phrases always the best solution? definitely not. But you have to start somewhere! Your level of security is literally only constrained by your ability to imagine it.
The main point here is that there are endless unknown (to you) risks of allowing someone else to hold your wealth. This applies to CoinBase as much as it does Bank of America.
Am I telling you to drain your bank account? Of course not. But the old saying about putting all of your eggs into one basket is applicable. And if you do, then it better be one hell of a strong basket (cough-ColdCard-cough)
Macro implications
Cyber-escalation spiral — Expect Iranian crews (e.g., MuddyWater) to probe Israeli finance in kind; global banks should assume they’re targets.
Regulatory whiplash — More aggressive KYC/AML and wallet-blacklist regimes are likely as states equate unmanaged keys with national-security risk.
Premium on self-custody — The Nobitex burn proves exchanges are honey-pots; “insurance funds” can’t repay coins that literally no longer exist.
The Bank Sepah hack is a live-fire lesson: centralised money is a glass cannon—powerful until it shatters. Bitcoin scatters that glass into a million marbles; no single hammer can smash them all.
Hold your own keys. Sleep through the outage like a baby.
