Japanese mining pool operator SBI Crypto, a prominent unit of Japan's largest digital asset conglomerate, SBI Group, reportedly suffered a significant theft of $21 million.
Investigators are moving quickly to link the sophisticated breach to attackers backed by North Korea, highlighting the regime's intensifying focus on cryptocurrency-related exploitation.
Details of the Tornado Cash Theft and Role
The breach was brought to light on 1 October by blockchain researcher ZachXBT, who identified unusual outflows from the company's wallets.
The stolen assets were remarkably diverse, involving Bitcoin, Ethereum, Litecoin, Dogecoin and Bitcoin Cash. According to ZachXBT's findings, the movement of the stolen funds showed a clear effort to conceal the trail.
The assets were quickly routed through five separate instant exchanges before finally being channeled into Tornado Cash, a well-known mixing service frequently used to disguise the flow of digital assets.
Despite the considerable scale of the incident, SBI Crypto has yet to issue an official public statement regarding the attack.
ZachXBT has directly linked the security issue to North Korean-backed attackers. In recent years, North Korean hackers have markedly intensified their focus on exploiting the cryptocurrency market, a strategic shift driven by sanctions that have severely restricted the regime's access to mainstream global financial systems.
This evolving strategy has already had a global impact on the digital asset space. This year alone, attackers attributed to the DPRK have drained over $1.8 billion from cryptocurrency markets, an alarming figure that exceeds the $1.3 billion attributed to them the previous year.
This highlights their increasing reliance on blockchain-based theft as their main revenue stream. Major crypto platforms such as Bybit, DMM Bitcoin and WazirX were among the victims this year.
SBI Crypto plays a significant role in the global mining landscape. MiningPoolStats data ranks it as the 12th largest Bitcoin mining pool, operating with an estimated hash power of 20 EH/s.
The records indicate that the pool successfully produced a Bitcoin blockchain less than a day before news of the breach came to light. The company maintains an even stronger presence on the Bitcoin Cash network, where it controls over 21% of the computation share with 900.67 PH/s, having mined blocks on that chain just hours before the incident.
Although smaller, it also maintains Litecoin operations with 3.92 TH/s, having found the last block two days ago. The attack on such a crucial operator signals a growing and persistent threat to the infrastructure of major cryptocurrency networks.
