What happened:
On September 24, 2025, addresses tied to SBI Crypto — a subsidiary of Japan’s SBI Group — saw suspicious outflows of roughly $21 million across multiple cryptocurrencies, including BTC, ETH, LTC, DOGE, and BCH. The stolen assets were funneled through instant exchanges and eventually moved into Tornado Cash, a mixing service frequently used to conceal the origin of funds.
Suspected links & context:
Blockchain investigator ZachXBT noted similarities between this exploit and previous hacks linked to North Korea–backed groups. The use of Tornado Cash, which has long been associated with laundering proceeds from major crypto attacks, further fuels suspicions of state-sponsored activity.
As of now, SBI Group has not issued an official statement confirming the breach.
Why it matters:
- The incident highlights continued vulnerabilities in centralized crypto infrastructure, even among large financial groups.
- It underscores regulators’ ongoing struggle to curb illicit flows through services like Tornado Cash.
- If North Korea’s involvement is confirmed, the hack would add to growing concerns over state-sponsored cybercrime in global crypto markets.
