TLDR
- SBI Crypto lost $21M in a hack traced to suspected North Korean hackers.
- The stolen funds were laundered through Tornado Cash, a decentralized mixing platform.
- North Korean hackers are increasing their use of privacy tools for illicit activity.
- The $21M theft adds to a growing list of crypto heists involving state-sponsored hackers.
SBI Crypto, a Japan-based Bitcoin mining pool under SBI Group, has reportedly lost $21 million in a recent hack. The stolen funds were laundered through Tornado Cash, a decentralized privacy tool. Blockchain investigator ZachXBT traced the theft, which occurred on September 24, 2025. The incident highlights growing concerns over the use of privacy tools in facilitating cybercrime, especially by state-backed actors.
The hack involved the outflow of various cryptocurrencies, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash, from multiple wallets linked to SBI Crypto. These funds were routed through instant exchanges to obscure the money trail before being deposited into Tornado Cash. This method mirrors previous hacks attributed to North Korean groups, further linking the attack to these actors.
Suspected North Korean Hackers Linked to SBI Crypto Breach
The blockchain analysis points to the Lazarus Group, a known North Korean state-sponsored cyber unit, as the likely perpetrators of the attack. ZachXBT, in a Telegram post, noted the similarities between the SBI Crypto hack and previous breaches carried out by the Lazarus Group.
The group is notorious for large-scale thefts in the global crypto industry, often using stolen funds to evade sanctions and finance state-sponsored operations.
While SBI Crypto has yet to issue an official statement on the breach, the analysis of the transaction flow is clear. The use of Tornado Cash has drawn attention to the rising role of privacy tools in criminal activities. Experts warn that this trend is growing, as hackers increasingly turn to such platforms to hide the origins of stolen funds.
Tornado Cash's Role in Laundering Stolen Funds
Tornado Cash has been at the center of controversy for its role in laundering illicit funds. The platform enables users to obscure the origins of transactions, making it a popular tool for cybercriminals.
In 2022, the U.S. Treasury sanctioned Tornado Cash for its involvement in facilitating money laundering, particularly in relation to North Korean hackers. However, in 2025, a U.S. court lifted those sanctions, allowing the service to resume operations.
This decision has sparked debate over the platform’s role in financial crime. Critics argue that lifting the sanctions has made it easier for hostile actors to exploit the service again. The recent breach of SBI Crypto serves as a reminder of the risks associated with using decentralized privacy tools. Experts suggest that the crypto community must take steps to improve security and monitor the use of these tools more closely.
Increasing Frequency of Crypto Heists and State-Sponsored Attacks
The SBI Crypto hack is not an isolated incident. State-backed hackers, particularly those linked to North Korea, have intensified their efforts to target the cryptocurrency industry.
According to blockchain forensic firms, in 2024 alone, over 47 incidents resulted in the theft of more than $1.3 billion from the crypto industry. The trend has continued in 2025, with hackers stealing an estimated $2.2 billion in the first half of the year.
In addition to SBI Crypto, other high-profile targets include the $1.4 billion breach of the Bybit exchange and the $50 million theft from the crypto neobank Infini. These attacks demonstrate the growing risks faced by the cryptocurrency sector, as state-sponsored hackers continue to exploit vulnerabilities to finance illicit operations and evade international sanctions.