A jaw dropping $90 million disappeared from Nobitex, Iran’s biggest crypto marketplace, and the crypto confetti is still raining down. Heck, even the blame-shifting has begun, with suggestions of Israeli complicity and the shadowy group as “Predatory Sparrow” taking credit. The true tale is more than just who done it—it’s a look at why this happened and a glimpse of just how abysmally current sanctions policy has failed.

Sanctions Breed Crypto Vulnerability?

Let's be blunt: Western sanctions against Iran, while intended to cripple its nuclear ambitions and regional destabilizing activities, may be inadvertently creating a perfect storm of crypto-fueled chaos. You punish a country, depriving it of access to the regular financial community, and how do you think that would work? They'll find another way. Cryptocurrency is the solution, the digital lifeline offered in the abyss of financial sanctions. But that lifeline is incredibly fragile.

Think of it this way: you're trying to fix a leaky pipe (Iran's problematic behavior) by clamping it shut. Eventually, that water pressure accumulates enough to burst – in this example, through a lack of cybersecurity in a poorly anchored international cryptocurrency exchange.

This isn't just speculation. Time and again, experts have warned against the dangers of forcing countries into unregulated informal financial systems. Additionally, as sanctions end up pushing activity underground, it becomes increasingly difficult to monitor, and even more importantly, to obtain security. You can’t regulate what you can’t see. You can't secure what you don't control.

Burning Money, Sending a Message

As impressive as the coordination involved in the hack itself is, that’s not even the most audacious part – that’s the technique! Gonjeshke Darande’s misappropriation of funds was more than financial. They opened with widespread destruction of it, literally burning it in public while sending money to wallets replete with anti-regime sentiments. This wasn't just about financial gain. This was a courageous political act. It was a digital flip-off to the Iranian Revolutionary Guard and blew the whistle on Nobitex for its purported part in aiding Iran to skirt sanctions and fund organizations such as the Houthis and Hamas.

Is this the future of warfare? Political theatre cyberattacks, with stolen ransom money as the propaganda?

These days, so-called ‘hackers’ leaking Nobitex’s source code. This event is the latest boon to the mayhem that is this digital dumpster fire. This further effectively weaponizes Nobitex’s vulnerabilities, rendering not just the CVE but the entire instance a target for continuing attack. As a proving ground for advanced transportation technologies, the data should be available to anyone who has the skills to leverage it.

Is This Sanctions' Endgame?

Here's the uncomfortable truth: this hack could be a preview of things to come. If Iran, a nation with significant cyber capabilities, can be compromised like this, what about other countries facing similar sanctions pressures? North Korea? Venezuela?

We risk creating a new global ecosystem of sanctioned countries that rely on unregulated, untraceable cryptocurrencies. These currencies are getting increasingly difficult to police and susceptible to hacks. This is a recipe for disaster.

In short, the U.S. and its allies should take a hard look at where and how they decide to impose costly, unilateral sanctions. Are they truly achieving their intended goals? Or are they just pushing bad behavior underground and out of sight, thus making it more difficult to address?

We require a better, more careful solution—one that takes the cybersecurity risks of crypto adoption for sanctioned countries into account. To do this, we must invest in stronger and better monitoring tools. Continue working with the international community to promote stronger standards for crypto security, privacy, and disclosure, including through possible targeted sanctions against actors enabling illicit activity through crypto.

The $90 million Nobitex hack is more than a well-heeled blow to Iranian crypto investors. It should serve as a wake-up call for the rest of the world. We can no longer afford to tune out the unintended consequences of our punitive sanctions policies. The future of international security surely rests on it.