TLDR
- Japanese financial firm SBI Crypto lost approximately $21 million in crypto on September 24, 2025
- Stolen assets included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash
- Blockchain investigator ZachXBT identified patterns matching previous North Korean cyberattacks
- Funds were laundered through Tornado Cash, a sanctioned crypto mixer
- SBI Group has not confirmed the incident or commented publicly
A subsidiary of Japan’s SBI Group has reportedly lost $21 million in cryptocurrency following a suspected hack with possible connections to North Korean cybercriminals. The incident was uncovered by blockchain investigator ZachXBT on October 1, 2025.
SBI Crypto, which operates as a mining pool under the publicly traded financial conglomerate, experienced suspicious outflows from its addresses on September 24. The stolen funds included multiple cryptocurrencies across different blockchain networks.
The attackers made off with Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. They then moved the stolen assets through five instant exchanges in an apparent attempt to obscure the trail.
Money Laundering Through Tornado Cash
After passing through multiple exchanges, the stolen funds were deposited into Tornado Cash. This crypto mixing service was sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control in August 2022.
Tornado Cash allows users to obscure transaction origins and destinations on the blockchain. The platform has become a preferred tool for hackers looking to launder stolen cryptocurrency.
In 2023, Roman Storm faced charges of conspiracy to commit money laundering and sanctions violations for operating Tornado Cash. Despite these legal actions and sanctions, hackers continue using the decentralized platform.
North Korean Hacker Connections
ZachXBT noted multiple indicators suggesting the attack resembles previous North Korean state-backed cyberattacks. Blockchain security firm Cyvers assisted with the investigation and analysis.
North Korea-linked hacking groups have stolen billions in digital assets over recent years. The Lazarus Group, believed to be sponsored by the North Korean government, has been connected to numerous high-profile crypto heists.
Earlier in 2025, Arkham Intelligence reported that Lazarus Group hacked the exchange Bybit for over $1.5 billion. That report cited information from ZachXBT, who has built a reputation for tracking illicit crypto activity.
In June, ZachXBT identified an exploit at Iranian cryptocurrency exchange Nobitex that resulted in over $80 million in losses. The investigator has become one of the most recognized figures in crypto security tracking.
Company Response and Investigation
SBI Group has not publicly acknowledged the incident. The company did not respond to multiple media requests for comment about the alleged hack.
SBI Crypto operates under SBI Group, a major Japanese financial conglomerate with investments in both traditional finance and digital assets. The company’s silence on the matter has left many questions unanswered.
The stolen funds remain in Tornado Cash as of the latest reports. Despite global regulatory efforts to combat crypto money laundering, decentralized mixers continue to function.
ZachXBT’s investigation revealed the attack occurred on September 24, 2025. The funds were traced through their entire journey from SBI Crypto addresses to the Tornado Cash mixer.