SBI Crypto Hack Exposes $21 Million Theft Linked to DPRK Actors

SBI Crypto has become the latest high-profile exchange to fall victim to a suspected state-sponsored cyberattack, with investigator ZachXBT, aided by Cyvers, linking a $21 million multi-coin theft to wallets associated with prior DPRK activities.

Summary

  • SBI Crypto allegedly lost $21 million in a multi-coin hack tracked by ZachXBT and Cyvers.
  • Investigators highlight that laundering patterns mirror those of prior DPRK-associated operations.
  • The exchange has not yet confirmed the breach publicly.

On October 1, online investigator ZachXBT disclosed that a week earlier, wallets tied to SBI VC Trade Co., Ltd., which operates SBI Crypto, were emptied of roughly $21 million in digital currencies.

The theft, carried out on September 24, involved Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH). Based on ZachXBT’s findings, in collaboration with blockchain security firm Cyvers, the stolen funds were quickly funneled through five different instant exchanges before being deposited into the sanctioned crypto mixer Tornado Cash, a common obfuscation strategy.

SBI Crypto remains silent, but theft patterns suggest North Korean links

The potential link to North Korean operatives, while not officially verified by law enforcement, is based on specific on-chain behaviors identified by investigators. ZachXBT’s analysis points out that the techniques used to move the stolen assets, including the selection of instant exchanges and rapid routing into Tornado Cash, exhibit “multiple indicators” aligning with known money-laundering methods utilized by the Lazarus Group and other DPRK-related hacking factions.

As of now, SBI Crypto has not made any public statement regarding the breach, leaving its customers and the market dependent on independent investigators for critical updates.

Importantly, SBI Crypto is not a minor entity. Operating as SBI VC Trade Co., Ltd., it represents the crypto division of the expansive SBI Group, a publicly traded financial conglomerate in Japan. SBI Group is recognized as Japan’s largest comprehensive internet financial group, with the subsidiary offering a diverse range of retail services including spot and leveraged trading, a coin lending platform, and automated savings plans.

The significant integration of SBI Crypto within the traditional financial framework renders the breach particularly concerning, illustrating that regulatory adherence and institutional support do not provide absolute protection against determined state-sponsored attackers.

The DPRK’s bloody trail

The hack on SBI Crypto is not an isolated incident but part of a broader, escalating strategy. A report from blockchain analytics firm Chainalysis in 2024 stated that North Korean-affiliated hackers stole a record $1.34 billion across 47 incidents that year, accounting for 61% of all funds stolen from crypto platforms.

The DPRK’s attacks persisted into 2025, exemplified by one of the largest single incursions to date, in which the Lazarus Group hacked the exchange Bybit for over $1.5 billion. Notably, intelligence platform Arkham credited ZachXBT with supplying the crucial information leading to that finding, highlighting the investigator’s vital role in charting this digital conflict.

The ramifications of such thefts extend beyond corporate financial losses. Western intelligence agencies have warned that illicit digital assets are funneled directly into Pyongyang’s nuclear and missile programs, turning cryptocurrency crimes into a significant issue of international security.

For the moment, the lack of communication from the SBI Crypto team leaves numerous questions unanswered. Regardless of whether the company acknowledges the breach, the evidence traced by investigators suggests yet another orchestrated attack within a global campaign that shows scant signs of abating.
