SBI Group’s Crypto Arm Hit By $21M Exploit Linked To North Korean Hackers

SBI Crypto, a subsidiary of Japan’s SBI Group, was struck by a major breach as hackers allegedly linked to North Korea stole $21 million from its crypto mining pool.

The hack was flagged by blockchain sleuth ZachXBT, who identified suspicious outflows of various cryptocurrencies, including Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), and Bitcoin Cash (BCH).

North Korean Hackers Drain $21 Million From SBI Crypto

SBI Holdings, Japan’s largest traditional finance group, has been hit by a major breach as hackers stole $21 million from the mining pool of its crypto subsidiary, SBI Crypto. The stolen funds include Bitcoin (BTC), Dogecoin (DOGE), Litecoin (LTC), and Ethereum (ETH). The hack exhibited several similarities to other exploits by North Korean hackers. According to ZachXBT and security firm Cyvers, the funds were quickly moved through instant exchanges and deposited into Tornado Cash. Tornado Cash has been sanctioned by US authorities for its role in obscuring illicit transactions. ZachXBT wrote on Telegram,

“On September 24, 2025, addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash. The stolen funds were transferred to five instant exchanges and deposited into Tornado Cash. Interestingly, several indicators share similarities to other known DPRK attacks.”

SBI And Its Crypto Involvement

SBI Holdings has been expanding its presence in the cryptocurrency ecosystem. The company has begun offering Bitcoin ETFs and tokenized stocks, allowing customers to access crypto services. However, its growing involvement in the crypto space has also increased its exposure to security threats and hacks, the latest being the hack of its mining pool. On-chain investigators, including ZachXBT and CyversAlerts, traced several suspicious transactions from addresses linked to SBI crypto.

Hackers funneled the stolen funds through exchanges and moved to Tornado Cash to obfuscate the trail of the funds. Tornado Cash has come under scrutiny for allowing hackers to launder stolen funds. Tornado Cash founder Roman Storm has been charged with conspiracy to commit money laundering and sanctions violations to launder stolen funds.