Key Highlights
- Over $21 million in crypto stolen from SBI Crypto's wallets.
- Funds laundered through Tornado Cash, raising security concerns.
- Incident may be linked to North Korean hacker groups.
SBI Crypto Suffers $21 Million Hack Linked to North Korean Hackers
On September 24, 2025, over $21 million in digital assets were withdrawn from addresses associated with the SBI Crypto mining pool, a subsidiary of Japan's SBI Group. The stolen funds included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash, according to crypto researcher ZachXBT.
The stolen assets were first transferred to five "instant exchangers" and subsequently sent to the cryptocurrency mixer Tornado Cash.
ZachXBT noted that the patterns observed in this incident resemble previous attacks attributed to hacker groups linked to North Korea. However, there is no official confirmation of this yet.
SBI Crypto's Background and Recent Developments
SBI Crypto has been a leading cryptocurrency mining pool since 2017, offering a platform for miners of all levels. In August 2025, SBI Holdings submitted applications to launch two cryptocurrency ETFs, one of which will invest in Bitcoin and XRP.
This breach underscores the increasing sophistication of cyberattacks targeting cryptocurrency infrastructure. North Korean hacker groups, such as the Lazarus Group, have been linked to several high-profile crypto heists in recent years.
For instance, in 2024, they were responsible for the $1.3 billion theft from various crypto exchanges, marking one of the largest crypto heists to date.
The use of Tornado Cash, a privacy-focused mixer, highlights ongoing challenges in tracking illicit crypto transactions. Despite regulatory efforts, such mixers continue to be utilized for laundering stolen funds, complicating enforcement actions.
