North Korean Hackers Target SBI Crypto with $21M Theft
Lazarus Group suspected of laundering stolen funds through Tornado Cash, highlighting ongoing cybersecurity concerns in the crypto space.
SBI Crypto Hit by $21 Million Hack, Suspected North Korean Involvement
SBI Crypto, a Japanese cryptocurrency firm, has suffered a significant security breach, with approximately $21 million in cryptocurrency stolen. Blockchain investigators attribute the theft to North Korean hackers, specifically the Lazarus Group, which is known for sophisticated cyberattacks and ties to the Democratic People's Republic of Korea (DPRK).
Key Details of the Attack
- Initial Discovery: Blockchain analyst ZachXBT first detected suspicious outflows from SBI Crypto wallet addresses on September 24, 2025.
- Stolen Funds: Approximately $21 million worth of cryptocurrency, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash, was drained from company-linked addresses.
- Laundering Tactics: The stolen funds were routed through five instant exchanges before being deposited into Tornado Cash, a crypto mixer previously sanctioned by the U.S. Treasury.
- Attribution: The tactics and digital fingerprints used in the SBI Crypto theft closely resemble other intrusions carried out by DPRK cyber units.
- SBI's Response: Despite the scale of the theft, SBI Crypto has not yet publicly disclosed the incident.
North Korea's Growing Cyber Threat
This attack adds to a growing list of cybercrimes attributed to North Korea. The DPRK's cyber units have reportedly stolen billions of dollars from the digital asset sector in recent years. They are known for their sophisticated techniques, including:
- Hacking Exchanges and Wallets: Targeting cryptocurrency exchanges and individual wallets to steal funds directly.
- Fraudulent Employment Schemes: Posing as blockchain developers to infiltrate crypto projects and gain access to sensitive information or funds. This includes creating fake identities and using social engineering tactics.
- Malware Campaigns: Deploying sophisticated malware to infect developers' devices and steal crypto wallet credentials.
The Role of Tornado Cash
The use of Tornado Cash in laundering the stolen funds has renewed scrutiny of the platform. While a U.S. court recently lifted restrictions on Tornado Cash, it remains a controversial tool due to its potential for facilitating illicit activities. The SBI Crypto incident raises concerns that state-backed hackers may exploit such services to conceal stolen assets.
Key Takeaways
- North Korean hackers pose a significant threat to the cryptocurrency industry.
- Crypto mixers like Tornado Cash can be used to launder stolen funds, despite regulatory efforts.
- Cryptocurrency projects need to enhance their security measures and be vigilant against social engineering attacks and fraudulent employment schemes.
- Increased collaboration between law enforcement agencies and blockchain forensics firms is crucial to combating North Korean cybercrime.
Investment Considerations
As always, investors should consider their risk tolerance and investment timeline before making allocation decisions. Bitcoin remains a volatile asset despite increasing institutional adoption.
This article is for informational purposes only and should not be considered investment advice. Always consult with a qualified financial advisor.