Addresses associated with SBI Crypto, a subsidiary of Japan's financial giant SBI Group, saw suspicious outflows worth approximately $21 million on September 24, 2025, according to blockchain investigator ZachXBT.
The stolen funds included Bitcoin and ether. The loot was then funneled through five instant exchanges before being deposited in Tornado Cash, a crypto mixing service previously sanctioned by the US Treasury.
In a Telegram post, ZachXBT noted that several indicators resemble tactics used in previous North Korean state-sponsored cyberattacks, which raised concern that this incident could be another in a series of DPRK-linked crypto heists.
SBI Crypto operates as a mining pool under SBI Group, a listed financial conglomerate in Japan with significant exposure to both traditional and digital assets.
As of publication, SBI Group has not disclosed the incident or issued an official response. SBI Group also did not respond to CoinDesk's request for comment.
North Korea-linked hacking groups, especially the Lazarus Group, have been tied to billions in stolen digital assets in recent years. The funds are often laundered through decentralized mixers such as Tornado Cash despite global regulatory crackdowns.



