Blockchain analytics firm ZachXBT has reported that on September 24, 2025, digital wallets connected to SBI Crypto, a division of the major Japanese financial institution SBI Group, experienced unusual outflows totaling approximately $21 million.
Among the assets moved were bitcoin, ether, litecoin, dogecoin and bitcoin cash. Subsequent analysis indicates these funds were routed through five separate instant crypto exchanges before being deposited into Tornado Cash, a cryptocurrency mixer previously sanctioned by the United States Treasury Department.
In a message posted on Telegram, ZachXBT highlighted similarities between this incident and previous cyberattacks attributed to North Korean state-sponsored actors. This has fueled concerns that the event may represent another instance of cryptocurrency theft linked to the Democratic People’s Republic of Korea (DPRK).
SBI Crypto functions as a cryptocurrency mining pool operating under the umbrella of SBI Group, a publicly listed Japanese financial conglomerate with extensive involvement in both traditional and digital asset markets.
As of the time of this report, SBI Group has not made any public statements regarding the incident, nor have they provided an official response. Requests for comment from CoinDesk have gone unanswered.
North Korean hacking groups, particularly the Lazarus Group, have been implicated in the theft of billions of dollars worth of digital assets in recent years. These illicit funds are often laundered using decentralized mixers such as Tornado Cash, despite increased regulatory pressure from authorities worldwide.