
SBI Crypto Reportedly Suffers $21 Million Hack With Suspected DPRK Links


SBI Crypto, the digital asset mining subsidiary of Japan’s financial services giant SBI Group, has reportedly fallen victim to a major cyberattack resulting in the theft of approximately $21 million worth of cryptocurrency. The hack, which came to light in late September 2025, has sparked concerns across the global digital asset sector, particularly due to possible links with North Korea’s state-backed hacking groups.

Details of the alleged breach

According to reports from blockchain security researchers ZachXBT and Cyvers, multiple wallets connected to SBI Crypto were compromised on September 24, 2025. The stolen assets included Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH). Investigators noted that the attackers rapidly moved the funds through instant exchange platforms before channeling them into Tornado Cash, a decentralized crypto mixer sanctioned by U.S. authorities for its role in laundering illicit proceeds.

The pattern of laundering indicates a well-coordinated attack, consistent with techniques previously seen in high-profile hacks of exchanges and DeFi platforms. Despite the growing attention, SBI Group and SBI Crypto have yet to release any official statement confirming or denying the breach. This lack of response has fueled speculation about the scale of the incident and whether customer assets were impacted.

Suspected North Korean involvement

The methodology employed in the attack has raised suspicions of involvement by the Lazarus Group, a North Korea-linked cybercriminal network responsible for billions in stolen cryptocurrency over the last decade. The group has been tied to incidents ranging from the 2016 Bangladesh Bank heist to more recent DeFi protocol exploits. Analysts note that the use of Tornado Cash and instant swap services is a common tactic in Lazarus operations designed to obscure fund trails and evade international sanctions.

If confirmed, the SBI Crypto hack would underscore the ongoing vulnerabilities of centralized crypto infrastructure against state-sponsored cyber threats. Japan, which has already endured historic incidents such as the Mt. Gox and Coincheck platform hacks, may face renewed regulatory pressure as the Financial Services Agency (FSA) weighs potential responses. A breach tied to one of the country’s largest financial conglomerates could also influence global perceptions of Japan’s digital asset security framework.

Beyond SBI Crypto, the attack highlights the broader risks faced by cryptocurrency platforms, mining pools, and custodial services. Even with stronger compliance standards and upgraded security practices, centralized platforms remain attractive targets for hackers. The incident also revives debate around privacy-preserving tools like Tornado Cash, which can be used by both legitimate users and malicious actors. While regulators have attempted to restrict such services, enforcement remains a major challenge.

As of early October 2025, the whereabouts of the stolen $21 million remain unclear. Blockchain analysts continue to monitor wallet activity for potential liquidation attempts on secondary markets. Until SBI Group addresses the breach directly, uncertainty will persist around the scale of losses and the resilience of one of Japan’s most prominent financial institutions in the digital asset industry.

The SBI Crypto hack serves as a stark reminder of the ongoing cybersecurity threats facing the global cryptocurrency ecosystem. For regulators, investors, and institutions, it reinforces the urgent need for robust security infrastructure, rapid incident response strategies, and coordinated international action to curb the flow of illicit digital funds.
