- Trending
- Comments
- Latest
Japan’s SBI Crypto, a subsidiary of the publicly traded SBI Group, has reportedly fallen victim to a $21 million security breach now referred to as the SBI Crypto exploit. The incident, which took place on September 24, 2025, involved the theft of multiple cryptocurrencies including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.
Blockchain investigator ZachXBT first flagged the suspicious transfers, noting that the outflows from wallet addresses tied to the company closely resembled tactics from previous North Korean state-backed hacks.
“Approximately $21 million in cryptocurrency was suspiciously transferred from wallet addresses associated with SBI Crypto, ultimately deposited into Tornado Cash,” — ZachXBT, in a statement posted on X (formerly Twitter).
The SBI Crypto exploit highlights the growing threat of nation-state actors targeting exchanges and mining pools, as digital assets remain a prime target for cybercriminal groups.
The attackers reportedly funneled the stolen assets through five instant exchanges before moving them into Tornado Cash, the crypto mixing service sanctioned by the U.S. Treasury Department in August 2022. Tornado Cash has long been scrutinized for its role in laundering illicit funds.
The use of Tornado Cash in the SBI Crypto exploit mirrors patterns seen in earlier high-profile hacks linked to North Korea. ZachXBT, working alongside blockchain security firm Cyvers, identified multiple indicators pointing toward a repeat of state-sponsored tactics.
Despite regulatory pressure, Tornado Cash remains accessible via decentralized networks, allowing hackers to obscure the origins and destinations of stolen assets. This persistent availability continues to make it a favored tool for laundering operations like the SBI Crypto exploit.
Cybersecurity analysts believe the SBI Crypto exploit bears the hallmarks of Lazarus Group, the North Korean-linked organization accused of stealing billions in digital assets over the past decade.
Earlier in 2025, blockchain intelligence firm Arkham reported that Lazarus Group was behind a $1.5 billion hack targeting Bybit. ZachXBT has also previously linked Lazarus to other high-profile cases, including the exploitation of Iranian exchange Nobitex for $80 million.
With the SBI Crypto exploit, suspicions grow that North Korea is continuing its campaign of state-sponsored thefts to fund its international operations and evade sanctions.
SBI Crypto operates as a mining pool under SBI Group, one of Japan’s largest financial conglomerates with exposure to both traditional and digital assets. However, the company has not publicly confirmed the exploit or issued a formal statement.
The lack of immediate communication has fueled investor concerns, particularly given SBI’s status as one of Japan’s largest financial entities. For crypto investors, the SBI Crypto exploit underscores the risks of centralized exposure even among established financial players.
The SBI Crypto exploit adds to a growing list of breaches that highlight systemic vulnerabilities in the digital asset sector. While regulators have cracked down on mixing services like Tornado Cash, hackers continue to adapt, using decentralized tools to evade sanctions and traceability.
In 2023, Tornado Cash co-founder Roman Storm was charged with conspiracy to commit money laundering and sanctions violations, underscoring regulators’ determination to curb its use. Still, the platform’s decentralized infrastructure keeps it beyond full shutdown.
For the global crypto community, the SBI Crypto exploit raises urgent questions about security, compliance, and the resilience of exchanges against nation-state-level threats.
