
SBI Crypto Reportedly Hit by $21M Hack With Suspected DPRK Links

SBI Crypto, a subsidiary of Japan’s SBI Group, has reportedly suffered a $21 million exploit, with blockchain sleuths pointing to possible ties with North Korean hackers.

Oct 1, 2025, 2:44 p.m.
Flags fly in Pyongyang, North Korea (Micha Brandli/Unsplash)

What to know:

  • Addresses linked to SBI Crypto saw suspicious outflows across BTC, ETH, LTC, DOGE and BCH on Sept. 24, later funneled through instant exchanges and Tornado Cash.
  • ZachXBT highlighted similarities between the incident and prior North Korea-linked crypto heists.
  • SBI Group has not publicly confirmed the hack and did not respond to CoinDesk’s request for comment.

Addresses linked to SBI Crypto, a subsidiary of Japan’s financial giant SBI Group, saw suspicious outflows worth roughly $21 million on Sept. 24, 2025, according to blockchain investigator ZachXBT.

The stolen funds included bitcoin (BTC), ether (ETH), litecoin (LTC), dogecoin (DOGE) and bitcoin cash (BCH). The loot was then funneled to five instant exchanges before being deposited into Tornado Cash, a crypto mixing service that was previously sanctioned by the U.S. Treasury.


In a Telegram post, ZachXBT noted that several indicators resemble tactics used in previous North Korean state-backed cyberattacks, raising concerns that this incident could be another in a string of DPRK-linked crypto heists.

SBI Crypto operates as a mining pool under SBI Group, a publicly traded financial conglomerate in Japan with significant exposure to both traditional and digital assets.

As of publication, SBI Group has not publicly disclosed the incident or issued an official response. SBI Group also did not respond to CoinDesk's request for comment.

North Korea-linked hacking groups, particularly Lazarus Group, have been tied to billions in stolen digital assets in recent years. The funds are often laundered through decentralized mixers like Tornado Cash, despite global regulatory crackdowns.
