Following coordinated US-Israeli airstrikes on Iran, reporting described a rapid escalation in state information controls, including a near-total internet blackout that cut the country off from external communications. Journalists and civil society actors were described as disproportionately impacted, facing a choice between attempting to circumvent restrictions—at personal risk—or losing the ability to report and document events; the blackout was framed as consistent with Iran’s prior crisis playbook of throttling or severing connectivity during unrest and security crackdowns.
On-chain analysis also reported a sharp spike in cryptoasset outflows from major Iranian exchanges in the immediate aftermath of the strikes, totaling roughly $10.3M over a multi-day window. The activity was assessed as consistent with prior patterns in which Iranian crypto movements surge around geopolitical shocks and domestic instability, with potential drivers including citizen self-custody withdrawals, exchange infrastructure changes, or state-linked activity; attribution was described as premature pending follow-on tracing of onward fund flows.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
On 2026-03-03, WIRED reported how journalists and activists were working around Iran’s internet blackout using encrypted messaging, SMS, international calls, and smuggled media. The report also noted the use of satellite imagery and, in some cases, Starlink to compensate for the loss of connectivity.
On 2026-03-03, Chainalysis published an analysis linking a sharp rise in Iranian exchange outflows to the hours after the airstrikes. The company said more time and wallet-level analysis would be needed to determine whether the movements were driven by retail users, exchanges, or state-controlled actors.
Between 2026-02-28 and 2026-03-02, major Iranian exchanges recorded about $10.3 million in crypto outflows. Chainalysis said the spike could reflect self-custody withdrawals, exchange fund movements, or state-aligned laundering and sanctions-evasion activity, but attribution remained unclear.
Following the 2026-02-28 airstrikes, Iran implemented a near-total internet shutdown that largely cut the country off from the outside world. Reporting described the move as consistent with Iran’s past crisis response and damaging to journalists, activists, and families trying to communicate.
On 2026-02-28, coordinated US and Israeli strikes hit a military compound in Tehran. The strikes became the trigger for subsequent internet restrictions and unusual crypto outflows from Iranian exchanges.
In 2025, Iran’s largest crypto exchange, Nobitex, was hacked and more than $90 million was stolen. The incident was later cited as part of the heightened cybersecurity and operational pressure facing Iranian exchanges.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
koreatimes.co.kr
Open sourcechainalysis.com
Open sourcewired.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.