SBI Crypto hack strips $21m as laundering trail points to DPRK actors

SBI Crypto is the latest major exchange in the crosshairs of a suspected state-sponsored attack, with sleuth ZachXBT, citing help from Cyvers, tracing a $21 million multi-coin theft to wallets linked to previous DPRK campaigns.

On Oct. 1, online crypto sleuth ZachXBT revealed that one week prior, addresses associated with SBI VC Trade Co., Ltd., the entity behind SBI Crypto, were drained of approximately $21 million in digital assets.

The heist, executed on September 24, involved Bitcoin ( BTC ), Ethereum ( ETH ), Litecoin ( LTC ), Dogecoin ( DOGE ), and Bitcoin Cash ( BCH ). According ZachXBT’s investigation, which was conducted with blockchain security firm Cyvers, the stolen funds were quickly routed through five different instant exchanges before being deposited into the sanctioned crypto mixer Tornado Cash, a classic obfuscation technique.

SBI Crypto is silent, but a pattern of theft points to North Korea 

The connection to North Korean operatives, while not yet confirmed by law enforcement, rests on distinct on-chain patterns recognized by investigators. ZachXBT’s report notes that the specific methods used to move the stolen funds, including the choice of instant exchanges and the swift funneling into Tornado Cash, share “several indicators” with the documented money-laundering workflows of the Lazarus Group and other DPRK-affiliated hacking units.

As of this writing, SBI Crypto has not issued a public statement confirming or denying the breach, leaving its clients and the market reliant on independent sleuths for critical information.

The target itself, SBI Crypto, is no minor platform. Operating formally as SBI VC Trade Co., Ltd., it is the crypto arm of the sprawling SBI Group, a publicly traded Japanese financial powerhouse. SBI Group is Japan’s largest comprehensive internet financial group, and the subsidiary offers a full suite of retail services, including spot and leveraged trading, a coin lending service, and automated accumulation plans.

SBI Crypto’s deep integration into the traditional financial landscape makes the breach particularly alarming, demonstrating that regulatory compliance and institutional backing are not impervious shields against determined state-level attackers.

The DPRK’s bloody trail

The SBI crypto hack is not an isolated event but part of a relentless, escalating campaign. According to a 2024 report from blockchain analytics firm Chainalysis, North Korean-affiliated hackers stole a record $1.34 billion across 47 incidents that year, accounting for 61% of all funds stolen from crypto platforms.

DPRK’s siege continued into 2025 with one of the largest single raids to date, where the Lazarus Group was credited with hacking the exchange Bybit for over $1.5 billion. In a telling footnote, intelligence platform Arkham cited ZachXBT for providing the critical information that led to that revelation, underscoring the sleuth’s pivotal role in mapping this digital battlefield.

The consequences of such thefts ripple beyond corporate losses. Western intelligence agencies have warned that stolen digital assets funnel directly into Pyongyang’s nuclear and missile programs, transforming crypto crime into a matter of international security.

For now, silence from the SBI Crypto team leaves more questions than answers. Whether the company confirms the breach or not, the evidence traced by investigators points to another coordinated strike in a global campaign that shows little sign of slowing.