Japanese Mining Giant SBI Crypto Hit by $21 Million Breach
SBI Crypto, part of Japan's largest digital asset conglomerate, was hacked for $21 million in Bitcoin, Ethereum and other assets, with blockchain researchers
Japanese mining pool operator SBI Crypto, a prominent unit of Japan's largest digital asset conglomerate, SBI Group, reportedly suffered a significant theft of $21 million.
Investigators are moving quickly to link the sophisticated breach to attackers backed by North Korea, highlighting the regime's intensifying focus on cryptocurrency-related exploitation.
Details of the Tornado Cash Theft and Role
The breach was brought to light on 1 October by blockchain researcher ZachXBT, who identified unusual outflows from the company's wallets.
The stolen assets were remarkably diverse, involving Bitcoin, Ethereum, Litecoin, Dogecoin and Bitcoin Cash. According to ZachXBT's findings, the movement of the stolen funds showed a clear effort to conceal the trail.
The assets were quickly routed through five separate instant exchanges before finally being channeled into Tornado Cash, a well-known mixing service frequently used to disguise the flow of digital assets.
Despite the considerable scale of the incident, SBI Crypto has yet to issue an official public statement regarding the attack.
ZachXBT has directly linked the security issue to North Korean-backed attackers. In recent years, North Korean hackers have markedly intensified their focus on exploiting the cryptocurrency market, a strategic shift driven by sanctions that have severely restricted the regime's access to mainstream global financial systems.
This evolving strategy has already had a global impact on the digital asset space. This year alone, attackers attributed to the DPRK have drained over $1.8 billion from cryptocurrency markets, an alarming figure that exceeds the $1.3 billion attributed to them the previous year.
This highlights their increasing reliance on blockchain-based theft as their main revenue stream. Major crypto platforms such as Bybit, DMM Bitcoin and WazirX were among the victims this year.
SBI Crypto plays a significant role in the global mining landscape. MiningPoolStats data ranks it as the 12th largest Bitcoin mining pool, operating with an estimated hash power of 20 EH/s.
SBI Crypto Mining, Source: Mining Pool Stats
The records indicate that the pool successfully produced a Bitcoin blockchain less than a day before news of the breach came to light. The company maintains an even stronger presence on the Bitcoin Cash network, where it controls over 21% of the computation share with 900.67 PH/s, having mined blocks on that chain just hours before the incident.
Although smaller, it also maintains Litecoin operations with 3.92 TH/s, having found the last block two days ago. The attack on such a crucial operator signals a growing and persistent threat to the infrastructure of major cryptocurrency networks.
The de-escalation agreement between the US and China provides for a 10% reduction on duties in November 2025 and the purchase of 25 million tonnes of soya beans per year until 2028. Benefits for agriculture and crypto.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
Hong Kong marks a historic milestone by approving the first spot ETF on Solana (SOL) in Asia, making it the first jurisdiction to list a 100% spot fund on SOL.
According to Cisco Talos and Google, the North Korean groups Famous Chollima and UNC5342 are employing new strains of decentralised malware (such as EtherHiding and the BeaverTail/OtterCookie pair)
Japanese mining pool operator SBI Crypto, a prominent unit of Japan's largest digital asset conglomerate, SBI Group, reportedly suffered a significant theft of $21 million.
Investigators are moving quickly to link the sophisticated breach to attackers backed by North Korea, highlighting the regime's intensifying focus on cryptocurrency-related exploitation.
Details of the Tornado Cash Theft and Role
The breach was brought to light on 1 October by blockchain researcher ZachXBT, who identified unusual outflows from the company's wallets.
The stolen assets were remarkably diverse, involving Bitcoin, Ethereum, Litecoin, Dogecoin and Bitcoin Cash. According to ZachXBT's findings, the movement of the stolen funds showed a clear effort to conceal the trail.
The assets were quickly routed through five separate instant exchanges before finally being channeled into Tornado Cash, a well-known mixing service frequently used to disguise the flow of digital assets.
Despite the considerable scale of the incident, SBI Crypto has yet to issue an official public statement regarding the attack.
ZachXBT has directly linked the security issue to North Korean-backed attackers. In recent years, North Korean hackers have markedly intensified their focus on exploiting the cryptocurrency market, a strategic shift driven by sanctions that have severely restricted the regime's access to mainstream global financial systems.
This evolving strategy has already had a global impact on the digital asset space. This year alone, attackers attributed to the DPRK have drained over $1.8 billion from cryptocurrency markets, an alarming figure that exceeds the $1.3 billion attributed to them the previous year.
This highlights their increasing reliance on blockchain-based theft as their main revenue stream. Major crypto platforms such as Bybit, DMM Bitcoin and WazirX were among the victims this year.
SBI Crypto plays a significant role in the global mining landscape. MiningPoolStats data ranks it as the 12th largest Bitcoin mining pool, operating with an estimated hash power of 20 EH/s.
The records indicate that the pool successfully produced a Bitcoin blockchain less than a day before news of the breach came to light. The company maintains an even stronger presence on the Bitcoin Cash network, where it controls over 21% of the computation share with 900.67 PH/s, having mined blocks on that chain just hours before the incident.
Although smaller, it also maintains Litecoin operations with 3.92 TH/s, having found the last block two days ago. The attack on such a crucial operator signals a growing and persistent threat to the infrastructure of major cryptocurrency networks.
Read Next
Trump and Xi sign historic US-China agreement: markets soar
The de-escalation agreement between the US and China provides for a 10% reduction on duties in November 2025 and the purchase of 25 million tonnes of soya beans per year until 2028. Benefits for agriculture and crypto.
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
Hong Kong Approves Spot ETF on Solana: First in Asia, Outperforms US
Hong Kong marks a historic milestone by approving the first spot ETF on Solana (SOL) in Asia, making it the first jurisdiction to list a 100% spot fund on SOL.
North Korea: The Ultimate Cyber-Attack? Evasive Malware and Blockchain in the Crosshairs.
According to Cisco Talos and Google, the North Korean groups Famous Chollima and UNC5342 are employing new strains of decentralised malware (such as EtherHiding and the BeaverTail/OtterCookie pair)