Core Insights
- SBI Crypto, a subsidiary of SBI Group, suffered a $21 million hack attributed to suspected North Korean hackers, adding to a series of cyberattacks linked to North Korea's state-backed cyber units [1][5][6]

Group 1: Incident Details
- The breach was first identified by blockchain analyst ZachXBT, who noted suspicious outflows from SBI Crypto wallet addresses on September 24, 2025 [2]
- Approximately $21 million worth of various cryptocurrencies, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash, was drained from company-linked addresses [2][3]
- The stolen funds were funneled through five instant exchanges before being deposited into Tornado Cash, a crypto mixer associated with laundering operations [3][4]

Group 2: Context and Implications
- The tactics used in the SBI Crypto theft resemble previous intrusions by North Korea's Lazarus Group, indicating a pattern in their cyber operations [3]
- Despite the significant theft, SBI has not publicly disclosed the incident, raising concerns about transparency in the industry [4]
- The use of Tornado Cash in the laundering process has attracted renewed scrutiny, especially after the U.S. Treasury sanctioned the mixer in 2022 for processing illicit funds [4][5]

Group 3: Broader Trends
- North Korean hackers have stolen over $1.3 billion across 47 incidents in 2024, with an estimated $2.2 billion stolen in the first half of 2025, highlighting the increasing sophistication and frequency of these cyberattacks [5][6]
- Investigations reveal that North Korean cyber campaigns extend beyond hacking to include fraudulent employment schemes, indicating a broader strategy in their operations [7]

North Korean Hackers Steal $21M From SBI Crypto, Laundered via Tornado Cash
Yahoo Finance · 2025-10-01 18:47