SBI Crypto, a mining pool operated by Japan’s SBI Group, was targeted by a cyberattack on September 24th, reportedly resulting in a $21 million loss for the company. Blockchain investigator ZachXBT revealed the breach on October 1.
According to reports, the stolen assets included Bitcoin (BTC), Ether (ETH), Dogecoin (DOGE), Bitcoin Cash (BCH), and Litecoin (LTC). Investigators traced the movement of these assets across different blockchains through instant exchanges, ultimately leading to Tornado Cash, a cryptocurrency mixing service.
ZachXBT, working with blockchain security firm Cyvers, noted that the cyberattack exhibits several patterns similar to those observed in previous North Korea-linked cryptocurrency thefts. The techniques used in the attack were identical to those used by the Lazarus Group, a state-sponsored hacking team known for targeting cryptocurrency exchanges, wallets, and other platforms.
SBI Crypto is a major part of the SBI Group, one of Japan’s largest financial firms, with assets exceeding $200 billion in both traditional and digital markets. The mining pool is among the top contributors to the Bitcoin network, having mined hundreds of blocks in the past year.
Despite its scale, SBI Group has not issued a public statement on the reported hack. Both ZachXBT and Protos stated they found no evidence that the company disclosed the loss to its mining pool members. Protos contacted SBI Crypto for comment but received no response before publication.
The absence of confirmation raises doubts about whether the incident could affect miner payouts or other financial services. The histories of BTC Guild and GHash show that past mining pool attacks frequently disrupted payments to members.
The SBI Crypto breach is the latest in what experts say has become a record year for North Korea-linked crypto theft. Data from blockchain research firm Chainalysis indicates that DPRK-linked hackers have amassed more than $2.2 billion in digital assets thus far in 2025.
The largest incident was the $1.5 billion Bybit hack in February. These operations are believed to help fund North Korea’s weapons programs. U.S. officials have repeatedly linked the Lazarus Group to such activity.
Furthermore, Tornado Cash, which was involved in the laundering process, has been under investigation by regulators for a long time. Although the US Treasury blacklisted the platform in 2022, a subsequent court decision eased some of those restrictions. However, the Department of Justice is still pursuing legal action against its developers.
Moreover, the SBI Crypto attack is a sign of the persistent security threats in the digital assets sector. These threats reach even large and established financial organizations, as state-supported hacking groups continue to expand their influence.