SBI Group’s Crypto Arm Reportedly Loses $21 Million in Suspected North Korean Hack

Finance Magnates

SBI Crypto, a subsidiary of Japan’s SBI Group, reportedly lost around $21 million in a blockchain exploit. The incident was flagged by blockchain investigator ZachXBT, with signs pointing to suspected North Korean state-backed hackers.

ZachXBT identified suspicious outflows of various cryptocurrencies, including Bitcoin, ether, Litecoin, Dogecoin, and Bitcoin Cash, from addresses linked to SBI Crypto.

Indicators Point to North Korean Hack Groups

“On September 24, 2025, addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash,” ZachXBT posted on Telegram.

“The stolen funds were transferred to five instant exchanges and deposited into Tornado Cash. Interestingly, several indicators share similarities to other known DPRK attacks.”

The crypto assets were quickly moved through multiple instant exchanges before being deposited into Tornado Cash, a crypto mixing service previously sanctioned by U.S. authorities for its role in obscuring illicit transactions.

ZachXBT's analysis highlighted several parallels between this exploit and earlier crypto thefts linked to the North Korean Lazarus Group, a hacking collective known for targeting digital assets worldwide. These groups have previously stolen billions of dollars’ worth of cryptocurrencies and used decentralized mixers to launder the proceeds despite ongoing regulatory efforts to curb this behavior.

Tornado Cash at Center Again

According to ZachXBT, the pattern of quick fund dispersal followed by routing through Tornado Cash resembles tactics seen in state-sponsored DPRK cyberattacks. The involvement of Tornado Cash remains a major concern as regulatory bodies continue to crack down on illicit mixers.

Despite the significant loss, SBI Group has not issued any public disclosure or comment regarding the suspected breach. The financial conglomerate, which operates across traditional and digital assets markets, did not respond to requests for comment from media outlets, including CoinDesk.

In a separate incident last month, a significant supply chain attack compromised multiple widely used JavaScript packages on the Node Package Manager registry, potentially exposing billions of dollars in cryptocurrency to theft.

Although no significant loss was reported, the attackers reportedly gained access to the accounts of reputable package maintainers through a targeted phishing campaign, enabling them to inject malicious code into packages collectively downloaded over a billion times.

This article was written by Jared Kirui at www.financemagnates.com.