Major Japanese TradFi Group Suffers a $21 Million North Korean Crypto Hack 

Written by
Landon Manning

01 October 2025 16:58 UTC
  • Crypto sleuths suspect DPRK hackers drained $21 million from SBI Holdings' mining pool, moving funds via instant exchanges to Tornado Cash.
  • SBI Holdings, Japan’s largest TradFi group, has not acknowledged the breach, leaving the incident unconfirmed but deeply concerning.
  • The attack aligns with rising North Korean exploits targeting exchanges, bridges, and pools, highlighting ongoing crypto infrastructure risks.

ZachXBT and CyversAlerts identified a potential North Korean hack of SBI Crypto, in which $21 million was drained from a prominent Japanese TradFi firm’s mining pool.

We have precious few details about the actual incident, and SBI Holdings apparently hasn’t acknowledged the losses. Still, if investigators suspect a DPRK connection, we should treat the allegation seriously.

A Major Hack at SBI Holdings?

SBI Holdings, one of Japan’s largest financial services groups, has been steadily increasing its crypto commitments: launching Bitcoin ETFs and tokenized stocks, furthering public adoption of BTC and stablecoins alike.

However, SBI’s new investments may have exposed it to new dangers in the form of a North Korean hack.

ZachXBT, the famous crypto sleuth, has developed a strong proficiency in fighting North Korean hacks and identified a potential SBI incident. Although SBI apparently has yet to acknowledge anything, he and CyversAlerts believe that up to $21 million was stolen:

“Addresses linked to SBI Crypto saw ~$21 million in suspicious outflows on BTC, ETH, LTC, DOGE, and Bitcoin Cash. The stolen funds were transferred to five instant exchanges and deposited to Tornado Cash. Several indicators share similarities to other known DPRK attacks,” he claimed via Telegram.

North Korean Attacks on the Rise

SBI Crypto, the alleged hack target, is a mining pool and a subsidiary of the main holding company. Although $21 million represents a tiny fraction of the conglomerate’s total resources, a security breach like this is still quite unfortunate.

Hopefully, it won’t discourage the firm’s continued crypto investment.

North Korean hackers have been choosing more ambitious targets lately, and this SBI incident could fit the pattern of recent hacks.

For example, DPRK-based teams have been running bridge exploits and raiding wallets connected to swap infrastructure; a mining pool could also have multiple points of vulnerability.

Recently, hackers successfully penetrated an exchange’s staking protocol, stealing $41.5 million through a partner API vulnerability.

Although the main exchange’s safeguards remained intact, this peripheral weakness still enabled a huge theft. The SBI mining pool hack could have followed a similar structure.

However, until the company or other crypto sleuths release more details, we can’t be certain of anything. Strictly speaking, SBI could still claim that it conducted these “suspicious” transactions itself, and that there was no hack. This seems highly unlikely, though.

For now, this incident is just another reminder that crypto crime is highly dangerous today.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.