SBI Crypto has become the latest prominent exchange implicated in a suspected state-sponsored cyberattack, with investigator ZachXBT, aided by Cyvers, linking a $21 million multi-coin theft to wallets associated with earlier DPRK operations.
Summary
- Recent reports indicate that SBI Crypto has suffered a $21 million loss due to a multi-coin hack, as identified by ZachXBT and Cyvers.
- Investigators noted discernible laundering patterns akin to previous DPRK-related operations.
- As of now, the exchange has not publicly acknowledged the breach.
On October 1, crypto investigator ZachXBT disclosed that just a week earlier, wallets linked to SBI VC Trade Co., Ltd., the parent company of SBI Crypto, were emptied of roughly $21 million in digital currencies.
The theft, carried out on September 24, involved Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH). According to ZachXBT’s investigation, conducted in collaboration with blockchain security firm Cyvers, the stolen assets were rapidly funneled through five different instant exchanges before being sent to the sanctioned crypto mixer Tornado Cash, a common way of obscuring where funds came from.
SBI Crypto remains tight-lipped, but trends indicate a North Korean link
While not officially confirmed by law enforcement, the potential connection to North Korean actors is based on notable on-chain patterns recognized by analysts. ZachXBT’s investigation observes that the strategies for transferring the stolen assets, including the selection of instant exchanges and the rapid transition to Tornado Cash, display “multiple indicators” similar to the money-laundering tactics employed by the Lazarus Group and other DPRK-associated hacking teams.
As of this moment, SBI Crypto has not released any public statements to either confirm or refute the breach, leaving clients and the market dependent on independent investigations for vital updates.
SBI Crypto is no minor player in the arena. Officially known as SBI VC Trade Co., Ltd., it operates as the crypto division of the vast SBI Group, a publicly listed Japanese financial titan. SBI Group is Japan’s largest comprehensive internet financial entity, offering a wide array of retail services, including both spot and leveraged trading, a coin lending service, and automated investment plans.
The deep integration of SBI Crypto into the traditional financial ecosystem amplifies the severity of the breach, illustrating that regulatory oversight and institutional support do not provide foolproof protection against determined state-sponsored intrusions.
The DPRK’s trail of destruction
The hack on SBI Crypto is not an isolated incident but part of a relentless pattern of attacks. A 2024 report from the blockchain analytics firm Chainalysis indicates that North Korean-affiliated cybercriminals pilfered a staggering $1.34 billion across 47 cases during that year, accounting for 61% of all stolen funds from crypto platforms.
The DPRK’s assault persisted into 2025, marked by one of the largest single hacks, where the Lazarus Group was implicated in breaching the Bybit exchange for over $1.5 billion. Notably, intelligence platform Arkham highlighted ZachXBT for supplying crucial insights that led to this discovery, underscoring the investigator’s significant role in mapping this digital frontier.
The ramifications of such cyber thefts extend beyond corporate impacts. Western intelligence agencies have cautioned that the misappropriated digital assets directly fund Pyongyang’s nuclear and missile initiatives, converting cybercrime into an issue of international security.
For now, the silence from SBI Crypto raises more questions than answers. Regardless of whether the company chooses to acknowledge the breach, the evidence assembled by investigators points to yet another coordinated assault in a global campaign that shows no signs of abating.