SBI Group’s Crypto Arm Hit By $21M Exploit Linked To North Korean Hackers

SBI Crypto, a subsidiary of Japan’s SBI Group, was struck by a major breach as hackers allegedly linked to North Korea stole $21 million from its crypto mining pool. The hack was flagged by blockchain sleuth ZachXBT, who identified suspicious outflows of various cryptocurrencies, including Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), and Bitcoin Cash (BCH). North Korean Hackers Drain $21 Million From SBI Crypto SBI Holdings, Japan’s largest traditional finance group, has been hit by a major breach as hackers stole $21 million from the mining pool of its crypto subsidiary, SBI Crypto. The stolen funds include Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), and Ethereum (ETH). The hack exhibited several similarities to other exploits by North Korean hackers. According to ZachXBT and security firm Cyvers, the funds were quickly moved through instant exchanges and deposited into Tornado Cash. Tornado Cash has been sanctioned by US authorities for its role in obscuring illicit transactions. ZachXBT wrote on Telegram, “On September 24, 2025, addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash. The stolen funds were transferred to five instant exchanges and deposited into Tornado Cash. Interestingly, several indicators share similarities to other known DPRK attacks.” SBI And Its Crypto Involvement SBI Holdings has been expanding its presence in the cryptocurrency ecosystem. The company has begun offering Bitcoin ETFs and tokenized stocks, allowing customers to access crypto services. However, its growing involvement in the crypto space has also increased its exposure to security threats and hacks, the latest being the hack of its mining pool. On-chain investigators, including ZachXBT and CyversAlerts, traced several suspicious transactions from addresses linked to SBI crypto. Hackers funneled the stolen funds through exchanges and moved to Tornado Cash to obfuscate the trail of the funds. Tornado Cash has come under scrutiny for allowing hackers to launder stolen funds. Tornado Cash founder Roman Storm has been charged with conspiracy to commit money laundering and sanctions violations to launder stolen funds. Possible North Korean Connection In an analysis of the hack, ZachXBT drew several parallels between the exploit and previous hacks and thefts linked to the dreaded North Korean Lazarus Group. The hacker group is known for targeting digital assets and has been linked with heists worth billions of dollars. The hackers then used decentralized mixers to launder the proceeds, often leaving the impacted party with no recourse. “According to ZachXBT, approximately $21 million in cryptocurrency was suspiciously transferred from wallet addresses associated with SBI Crypto, ultimately deposited into Tornado Cash. North Korean hackers are suspected to be behind the attack. SBI is Japan's largest cryptocurrency company.” Growing Concerns Around Hacks Mining pools facilitate the pooling of resources to mine cryptocurrencies. However, they are vulnerable to hacks because they manage a large volume of funds and are linked to multiple parties, giving hackers several entry points. As crypto and mining infrastructure become more complex, they offer malicious entities more opportunities to exploit potential weaknesses. Investigators believe the hackers may have found a way to exploit a weakness in SBI Crypto’s systems and siphon funds without being discovered. SBI Holdings has yet to officially acknowledge the breach. However, the hack highlights the growing security risks faced by the crypto industry. The attack is also part of a rising trend in which hackers focus on less secure targets, including mining pools, exchanges, and bridges. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.