As the U.S.-Israeli attack on Iran continues, there’s a bit of split-screen in Iranian online activity at the moment. On the one screen, crypto usage has spiked sharply since the launch of the attacks. On the other, most of Iran’s state-sponsored cyber groups are nowhere to be found. 

According to Chainalysis, on-chain data show roughly $10.3 million in cryptoasset outflows from major Iranian exchanges between February 28 and March 2. 

Within hours of the launch of U.S.-Israeli airstrikes on February 28, crypto outflows exceeded $2 million, according to the blockchain analytics firm, which noted that it was still too soon to determine whether the transfers primarily reflected ordinary Iranians moving assets into self-custody, Iranian exchanges shifting funds to new wallets to obscure activity, or state-aligned actors using domestic exchanges as conduits. 

The data might also reflect that Iranians crypto users are incentivized to liquidate their assets due to sanctions fears, cyber threats, or the potential that their virtual funds could simply be seized, Chainalysis said. 

Elliptic reported a similar surge from Nobitex, Iran’s largest cryptocurrency exchange, saying outgoing transaction volumes spiked by 700 percent within minutes of the first strikes. The firm described the outflows as potentially representing capital flight that uses crypto to bypass traditional banking scrutiny. 

An analysis of the transfers to date suggests that much of the funds landed in overseas exchanges that have historically seen significant inflows from Iran. Elliptic, which estimates that Nobitex sent or received roughly $7.2 billion in cryptoassets last year, previously revealed that the exchange is linked to the Islamic Revolutionary Guard Corps (IRGC) and has been used by the Central Bank of Iran to support the rial. 

While crypto flows continue to evolve amid the ongoing conflict, Iran’s military and intelligence hacking groups have separately gone dark amid an Internet blackout, according to new reporting by Bloomberg. 

Only 17 pro-Iran hacking groups have been active in recent days—a sharp decline from the 130 groups active last year during Israel’s conflict with the Tehran, according to Recorded Future threat analyst Alexander Leslie, who spoke with the news agency. 

Except for a handful of minor, short-lived failed disruptions, “the Iranian groups we track have gone almost entirely dark,” Leslie told Bloomberg. 

Meanwhile, cyber operations in support of the U.S. and Israel are reportedly spreading propaganda inside Iran, including through the hijacking of an Iranian prayer app and compromises of pro-regime news agencies and Iranian television broadcasts, according to the report. 

Read more at Chainalysis 

Read more at Elliptic

Read more at Bloomberg