tl;dr
SBI Crypto suffered a $21 million theft linked to North Korean hackers, with stolen funds routed through Tornado Cash. The breach highlights growing threats to crypto infrastructure and ties to state-sponsored groups like Lazarus.
**SBI Crypto Suffers $21 Million Hack Linked to North Korean Hackers**
*Cybersecurity Breach Highlights Growing Threats to Cryptocurrency Infrastructure*
In a devastating blow to the cryptocurrency sector, SBI Crypto, a subsidiary of Japan’s SBI Group, reported a $21 million heist on September 24, 2025. The breach involved the unauthorized withdrawal of digital assets, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash, from addresses tied to the company’s mining pool. The stolen funds were first routed through “instant exchangers” before being funneled into Tornado Cash, a privacy-focused cryptocurrency mixer known for enabling anonymous transactions.
**Patterns Suggest North Korean Involvement**
Crypto researcher ZachXBT, who first identified the attack, noted that the transaction patterns bear similarities to previous cyberattacks linked to North Korean hacker groups. While no official confirmation has been made, the methods used in this breach align with tactics employed by state-sponsored actors, such as the Lazarus Group, which has been implicated in numerous high-profile crypto heists.
The Lazarus Group, attributed to the North Korean regime, has a history of targeting financial institutions and cryptocurrency platforms. In 2024, the group orchestrated a $1.3 billion theft from multiple crypto exchanges, marking one of the largest cyberattacks in the industry’s history. The SBI Crypto incident underscores the escalating sophistication of such operations, as hackers exploit vulnerabilities in decentralized systems.
**SBI Crypto’s Role and Recent Expansion**
SBI Crypto, established in 2017, has long been a key player in the cryptocurrency mining space, providing resources and infrastructure for miners worldwide. In August 2025, SBI Holdings, the parent company, submitted applications to launch two cryptocurrency exchange-traded funds (ETFs), including one focused on Bitcoin and XRP. The breach, however, raises critical questions about the security of even well-established crypto infrastructure.
**The Challenge of Tracking Illicit Transactions**
The use of Tornado Cash in this case highlights the persistent challenges regulators face in tracing illicit crypto flows. Despite efforts to crack down on money laundering, mixers like Tornado Cash continue to shield the origins of stolen funds, complicating law enforcement’s ability to recover assets. The platform, while marketed as a tool for privacy, has become a favored method for hackers to launder proceeds from cyberattacks.
**Implications for the Crypto Industry**
This incident serves as a stark reminder of the vulnerabilities within the cryptocurrency ecosystem. As the industry grows, so too do the threats posed by state-sponsored actors and organized cybercriminals. SBI Crypto’s breach, coupled with the broader trend of North Korean-linked attacks, signals the need for stronger security protocols, enhanced regulatory collaboration, and innovative solutions to combat financial crimes in the digital age.
While the full extent of the damage and the identity of the perpetrators remain under investigation, the attack on SBI Crypto is a sobering wake-up call for the cryptocurrency community. As hackers become more adept at evading detection, the race to secure digital assets—and hold malicious actors accountable—has never been more urgent.