SBI Crypto, a subsidiary of Japan’s SBI Group,
reportedly lost around $21 million in a blockchain exploit. The incident was flagged by blockchain investigator ZachXBT, with signs pointing to suspected North Korean
state-backed hackers.
ZachXBT identified suspicious
outflows of various cryptocurrencies, including bitcoin, ether, litecoin,
dogecoin, and bitcoin cash, from addresses linked to SBI Crypto.
Indicators Point to North Korean Hack Groups
“On September 24, 2025, addresses linked to SBI Crypto
saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, &
Bitcoin Cash,” ZachXBT posted on Telegram.
“The stolen funds were transferred to five instant
exchanges and deposited into Tornado Cash. Interestingly, several indicators share
similarities to other known DPRK attacks.”
The stolen assets were quickly moved through multiple
instant exchanges before being deposited into Tornado Cash, a crypto mixing
service previously sanctioned by U.S. authorities for its role in obscuring
illicit transactions.
ZachXBT’s analysis highlighted several parallels
between this exploit and earlier crypto thefts linked to the North Korean
Lazarus Group, a hacking collective known for targeting digital assets
worldwide. These groups have previously stolen billions of dollars’ worth of
cryptocurrencies and used decentralized mixers to launder the proceeds despite
ongoing regulatory efforts to curb this behavior.
According to ZachXBT, approximately $21 million in cryptocurrency was suspiciously transferred from wallet addresses associated with SBI Crypto, ultimately deposited into Tornado Cash. North Korean hackers are suspected to be behind the attack. SBI is Japan’s largest…
— Wu Blockchain (@WuBlockchain) October 1, 2025
Tornado Cash at Center Again
“This pattern of quick fund dispersal followed by
routing through Tornado Cash resembles tactics seen in state-sponsored DPRK
cyberattacks,” ZachXBT noted. The involvement of
Tornado Cash remains a major concern as regulatory bodies continue to crack
down on illicit mixers.
Despite the significant loss, SBI Group has not issued
any public disclosure or comment regarding the suspected breach. The financial
conglomerate, which operates across traditional and digital asset markets, did
not respond to requests for comment from media outlets, including CoinDesk.
Last month, a significant supply chain attack compromised multiple widely used JavaScript packages on the Node Package
Manager (NPM) registry, potentially exposing billions of dollars in
cryptocurrency to theft.
Although no significant loss was reported, the
attackers gained access to the accounts of reputable package maintainers
through a targeted phishing campaign, enabling them to inject malicious code
into packages collectively downloaded over a billion times.