Suspicious outflows across multiple cryptocurrencies raise concerns over another state-backed cyberattack.
$21 Million Outflows Detected
SBI Crypto, a mining subsidiary of Japan’s SBI Group, has reportedly been hit by a $21 million exploit, according to blockchain investigator ZachXBT. On September 24, 2025, wallets linked to the firm recorded large outflows across Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH).
Investigators say the funds were moved through five instant exchanges before being routed into Tornado Cash, a sanctioned crypto mixing service frequently linked to illicit finance.
Suspected North Korea Ties
ZachXBT highlighted in a Telegram post that the hack bore striking similarities to previous DPRK-linked exploits, including laundering patterns consistent with the Lazarus Group, a state-sponsored hacking collective from North Korea.
“The on-chain activity shows overlaps with past Lazarus operations, suggesting the same actors may be responsible,” ZachXBT noted.
If confirmed, this would add to the billions of dollars stolen in digital assets by North Korean cyber units over the last five years.
Despite the scale of the alleged theft, SBI Group has not issued a public statement and did not respond to requests for clarification as of publication. The lack of disclosure raises questions about corporate transparency and potential impacts on SBI’s broader financial operations.
Industry Concerns on Crypto Security
Cybersecurity experts warn that crypto mining pools and custodial services remain prime targets for state-backed groups. North Korea has increasingly relied on crypto theft to fund its sanctioned weapons programs, according to international security agencies.
“Lazarus and affiliated groups continue to exploit weak security standards and decentralized laundering tools,” said a Tokyo-based blockchain security analyst. “Until global regulators coordinate stronger oversight, these incidents will persist.”
This alleged hack underscores the growing geopolitical dimension of crypto crime, where digital asset theft is intertwined with national security risks. With Tornado Cash still operational despite sanctions, tracking stolen funds remains a challenge for authorities worldwide.
As investigations unfold, the incident is likely to reignite debates on crypto regulation, privacy tools, and cross-border cybercrime enforcement.

