Online banking services at four of Iran's largest banks remained disrupted for a sixth day, with officials shifting their account of the cause from a cyberattack to a technical fault, local tech media reported on June 19. 

The continued outage at Bank Melli, Bank Tejarat, Bank Saderat and the Export Development Bank of Iran points to strains in the country's payment network, eroding public confidence in the security of electronic banking systems as customers queue at branches.

Mobile banking, internet banking and card-to-card services at the four banks remained widely down despite repeated official promises of a swift fix, the report said.

The banks' coordination council apologised in a statement and said fully resolving the problem would take more time. The official account had shifted, the report said: described in the first days as a "limited cyberattack", the cause was now characterised in newer notices as "technical disruptions to processing infrastructure".

The change had fuelled speculation about the true extent of the damage to the Informatics Services Corporation's systems, which had been repeatedly targeted by enemy actors.

The disruption had left millions of users stranded and created long queues at branches over six consecutive days, the report said, with the continued situation carrying potential consequences for confidence in financial markets.

Social media in Iran has been rife in recent hours about the situation with people complaining of having to use cash, which is now seen as difficult to handle due to massive depreciation in recent months against a basket of foreign currencies. 

Iran-based analysts had raised non-technical theories, suggesting the restrictions on account access might be an informal way to curb liquidity flows and prevent capital moving into volatile currency and gold markets, the report said. No official document or confirmation of that theory had been published by state bodies.

The episode fits a longer pattern of cyber pressure on Iran's banking system, which has suffered repeated high-profile attacks in recent years, and a hacker group calling itself "Black Wolves" claimed responsibility for the latest disruption on Telegram, framing it in political terms, though Iranian authorities have not confirmed the claim or attributed the attack to any group.

Iran's banks have previously been hit by politically motivated operations rather than financially motivated cybercrime, and analysts cited in security coverage described the latest claims as consistent with such hacktivist activity.

The competing throttling theory, that authorities are quietly restricting account access to keep liquidity from flowing into the surging gold and currency markets, has circulated among some analysts but carries no official confirmation, and would be difficult to distinguish from a genuine technical failure given the opacity of the official account, which shifted from describing a "limited cyberattack" to a "technical fault" over the course of the week.