SBI Crypto suspected of being hacked! $21 million worth of crypto assets flowed out, suspected to be the work of North Korean hackers.

The Japanese financial giant SBI Group's subsidiary SBI Crypto is suspected to have been hacked on September 24, 2025, resulting in a total loss of up to $21 million. The assets involved include Bitcoin, Ether, Litecoin, DOGE, and Bitcoin Cash. On-chain detective ZachXBT revealed this incident, pointing out that the funds have already been transferred to mixing tools such as Tornado Cash, with methods remarkably similar to past North Korean hacker attacks. Currently, SBI has not issued any official statement.

Abnormal on-chain fund flow, with a loss amount reaching 21 million dollars.

According to analysis by well-known on-chain investigator ZachXBT, wallets related to SBI Crypto made large abnormal transfers on September 24. The funds were quickly moved to several instant trading platforms and then flowed on into the anonymous mixing tool Tornado Cash.

The assets stolen this time span multiple cryptocurrencies, including:

* Bitcoin (BTC)
* Ethereum (ETH)
* Litecoin (LTC)
* Dogecoin (DOGE)
* Bitcoin Cash (BCH)

According to preliminary statistics by ZachXBT, the total value of these transfers is approximately 21 million USD.

The involved wallet address has been exposed, and the funds are flowing to Tornado Cash.

This incident involves multiple wallet addresses, some of which are listed as "Theft Address", for example:

* 0x40d76a78ddba2ea81fb0f9fba147a08bcfc2b866
* bc1qx0a2kfjd7eweczv8xqjm6rggm40v0nkhfss78l
* qpv9nh5ktagsmtkqle8z2w4dd3mksskpmy499z7c9k
* ltc1qjyrn9p803efj3p8a0g3fmlevs45kq704ns363t
* DRiEQuJ9pt3GgNraQmHVTjNg4B7uv1XuGb

According to the on-chain analysis graphic, the hackers transferred assets in different coins out of the victim's addresses, and the funds ultimately flowed to Tornado Cash mixing addresses. Some of the funds were also sent to deposit addresses at several exchanges, possibly in an attempt to launder them further.

ZachXBT: The methods are very similar to those of North Korean hackers.

ZachXBT pointed out that this attack shows multiple signs that are highly similar to past attacks carried out by North Korean hacker groups, such as:

* Multi-chain transfers and mixing behavior
* Use of Tornado Cash to anonymize funds
* Use of instant exchanges to obfuscate fund flows

This pattern has appeared in multiple on-chain attack incidents led by the North Korean hacker group "Lazarus Group."

This article, "SBI Crypto suspected of being hacked! $21 million worth of crypto assets flowed out, suspected to be the work of North Korean hackers," first appeared on Chain News ABMedia.
