Addresses linked to SBI Crypto, a subsidiary of Japanese financial giant SBI Group, saw suspicious outflows worth approximately $21 million on September 24, 2025, according to blockchain researcher ZachXBT.
The stolen funds included Bitcoin, ether , , and . The proceeds were routed through five instant exchanges before being deposited in Tornado Cash, a crypto mixing service that was previously sanctioned by the United States Treasury.
In a Telegram post, ZachXBT said that several indicators resemble tactics used in previous North Korean state-backed cyberattacks, which raises concerns that this incident could be another in a series of heists linked to the DPRK.
SBI Crypto operates as a mining pool under SBI Group, a financial conglomerate listed on the stock market in Japan with significant exposure to traditional and digital assets.
As of publication, SBI Group has not publicly disclosed the incident or issued an official response. SBI Group also did not respond to CoinDesk's request for comment.
Hacking groups linked to North Korea, particularly the Lazarus Group, have been linked to billions in stolen digital assets in recent years. Funds are often laundered through decentralized mixers such as Tornado Cash, despite global regulatory crackdowns.