Japanese Crypto Firm SBI Loses $21 Million In Suspected North Korean Cyberattack

Reports have disclosed that Japanese firm SBI Crypto saw about $21 million siphoned from company-linked wallets on September 24, ￰0￱ sleuths flagged the movement, and on-chain traces show funds leaving addresses that start with “0x40d7” and “bc1qx0a2k.” The assets included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin ￰1￱ of this report, the money has not been ￰2￱ Lazarus Group Connections According to blockchain analysts, the transfers followed a clear path: the stolen coins moved through five instant exchanges before being sent into Tornado Cash, the crypto mixer that US authorities sanctioned in ￰3￱ on reports , the same set of tactics — wallet fingerprints, timing, and routing — match other intrusions linked to the Lazarus Group, the state-linked cyber unit from the DPRK.

A US court’s decision earlier this year to lift some restrictions around mixers has raised fresh concerns that these tools can be reused to hide large ￰4￱ Schemes And Fake Profiles Investigations have shown the threat is not only technical but ￰5￱ have disclosed that operatives created dozens of fake identities, bought Social Security numbers, and posed as blockchain developers on platforms such as Upwork and ￰6￱ posted on August 13 linked one such fake-developer wallet to a $680,000 exploit of the project Favrr in June ￰7￱ methods range from phishing and fake job offers to bribery and contractor infiltration, giving attackers ways to penetrate projects from the inside.

A Growing Trail Of Stolen Crypto Based on compiled forensics data, North Korean-linked groups stole more than $1.3 billion across 47 incidents in ￰8￱ figure jumped higher in 2025, with estimates putting thefts at about $2.2 billion in the first half of the year ￰9￱ campaigns have also been ￰10￱ June, Cisco Talos documented “PylangGhost,” a campaign that used bogus coding tests and interview sites to deliver ￰11￱ malware targeted over 80 browser extensions and popular wallets like MetaMask and ￰12￱ enforcement has made some moves: US agents seized $7.7 million tied to covert networks, and the FBI dismantled front companies such as Blocknovas LLC and Softglide ￰13￱ $21 million breach underscores how exposed even major firms remain to state-backed hacking ￰14￱ now, the case stands as another warning: Japanese crypto firm SBI lost $21 million in suspected North Korean ￰15￱ image from Gemini, chart from TradingView