**Japanese Crypto Firm SBI Loses $21 Million in Suspected North Korean Cyberattack**
Reports have disclosed that Japanese firm SBI Crypto experienced a major security breach on September 24, 2025, resulting in approximately $21 million being siphoned from company-linked wallets. Blockchain sleuths flagged the suspicious movement, with on-chain traces revealing funds leaving addresses starting with 0x40d7 and bc1qx0a2k. The stolen assets included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. As of this report, the stolen funds remain unrecovered.
### Suspected Lazarus Group Connections
According to blockchain analysts, the stolen coins followed a clear transactional path. The funds moved through five instant exchanges before being sent into Tornado Cash, a crypto mixer that U.S. authorities sanctioned in 2022. A U.S. court decision earlier this year to lift some restrictions on mixers has raised fresh concerns about how these tools can be reused to obscure large-scale thefts.
### Infiltration Schemes and Fake Profiles
Investigations suggest the threat extends beyond technical exploits to include social engineering tactics. Operatives reportedly created dozens of fake identities, purchased Social Security numbers, and posed as blockchain developers on platforms such as Upwork and LinkedIn. Evidence posted on August 13 linked one such fake-developer wallet to a $680,000 exploit of the project Favrr in June 2025.
The attackers employed a wide range of strategies, including phishing, fake job offers, bribery, and contractor infiltration, enabling them to penetrate projects from the inside.
*Chart: BTCUSD trading at $118,960 on the 24-hour chart. Source: TradingView*
### A Growing Trail of Stolen Crypto
Compiled forensics data indicates that North Korean-linked groups have stolen more than $1.3 billion across 47 incidents in 2024 alone. This figure escalated in 2025, with estimates suggesting thefts reached approximately $2.2 billion in the first half of the year.
Malware campaigns have also been a key component of these operations. For instance, in June, Cisco Talos documented “PylangGhost,” a campaign that used bogus coding tests and interview sites to deliver malware targeting over 80 browser extensions and popular wallets such as MetaMask and Phantom.
### Law Enforcement Actions
Law enforcement agencies have made some significant moves against these illicit networks. U.S. agents seized $7.7 million linked to covert operations, and the FBI dismantled front companies including Blocknovas LLC and Softglide LLC.
### Conclusion
The $21 million breach at SBI Crypto underscores the persistent vulnerability of even major firms to sophisticated, state-backed hacking campaigns. For now, this incident serves as a stark warning to the crypto industry about the evolving nature of cyber threats.
https://bitcoinist.com/japanese-crypto-firm-sbi-loses-21-million-in-suspected-north-korean-cyberattack/