BusinessPostCorner.com
No Result
View All Result
Thursday, July 16, 2026
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

North Korean Hackers Steal $21M From SBI via Tornado

October 1, 2025
in Crypto News
Reading Time: 5 mins read
A A
0
North Korean Hackers Steal M From SBI via Tornado
ShareShareShareShareShare

Journalist

Hassan Shittu

Journalist

Hassan Shittu

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…

Share

Last updated: 

October 1, 2025

North Korean Hackers Steal M From SBI via Tornado

Japanese cryptocurrency company SBI Crypto has fallen victim to a $21 million hack that blockchain investigators have traced to suspected North Korean hackers.

The incident adds to a growing list of high-profile cyberattacks attributed to North Korea’s state-backed cyber units, which have stolen billions of dollars from the digital asset sector in recent years.

The breach was first flagged by blockchain analyst ZachXBT, who identified suspicious outflows from SBI Crypto wallet addresses on September 24, 2025.

Source: ZachXBT

SBI Crypto Theft Adds to $2.2B Stolen by North Korean Hackers in 2025

According to his analysis, approximately $21 million worth of cryptocurrency, including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash, was drained from company-linked addresses.

The funds were routed through five instant exchanges before being deposited into Tornado Cash, a crypto mixer frequently associated with laundering operations.

On-chain records show that the compromised wallets, including addresses beginning with “0x40d7” and “bc1qx0a2k,” were systematically emptied and funneled through laundering channels.

Source: ZachXBT

ZachXBT noted that the tactics and digital fingerprints used in the SBI Crypto theft closely resemble other intrusions carried out by the Democratic People’s Republic of Korea (DPRK) cyber units, commonly known as the Lazarus Group.

SBI Crypto is a mining pool and wholly owned subsidiary of SBI Group, one of Japan’s largest financial services conglomerates. Despite the scale of the theft, SBI has not yet publicly disclosed the incident.

The use of Tornado Cash in the laundering process has drawn renewed scrutiny. The mixer was sanctioned by the U.S. Treasury in 2022 due to its role in processing illicit funds, including those linked to North Korea.

Earlier this year, however, a U.S. court lifted restrictions on the platform, sparking concerns that state-backed hackers would once again exploit the service to conceal stolen assets.

The SBI incident is the latest in a string of North Korea-linked cyberattacks targeting cryptocurrency exchanges, projects, and users. Data compiled by blockchain forensics firms show that North Korean hackers stole over $1.3 billion across 47 incidents in 2024 alone.

In the first half of 2025, they stole an estimated $2.2 billion, showing the growing sophistication and frequency of these operations.

North Korean Crypto Campaigns Expand From Hacks to Fraudulent Employment Schemes

Investigations into DPRK cyber campaigns have revealed that they extend far beyond hacking wallets and exchanges.

On August 13, ZachXBT published evidence of a covert North Korean employment scheme involving five operatives who posed as blockchain developers.

These operatives allegedly created more than 30 fake identities using government-issued identification, purchased Social Security numbers, and set up accounts on professional networks such as Upwork and LinkedIn.

Files obtained included meeting schedules with targeted projects, Google Drive exports, Telegram conversations, and expense spreadsheets listing purchases of VPNs, AI tools, and fake professional accounts.

One of the wallets linked to the fake developer ring was tied to the $680,000 exploit of the crypto project Favrr in June 2025, further connecting the group’s activities to financial crimes.

The exposure of these tactics has triggered heightened concern in the cryptocurrency sector. In several cases, projects discovered that developers and decision-makers in their teams were, in fact, North Korean operatives using false identities.

While some companies, such as Kraken, have successfully identified and blocked suspected North Korean applicants, others have been less successful, with millions lost to fraudulent employment schemes and phishing attacks disguised as job offers.

Beyond employment fraud, North Korea has been linked to highly sophisticated malware campaigns. In June, cybersecurity firm Cisco Talos documented the “PylangGhost” campaign, in which Lazarus Group operatives created fake coding tests and video interview platforms designed to infect blockchain developers’ devices.

The malware targeted over 80 browser extensions, including popular crypto wallets like MetaMask and Phantom.

U.S. law enforcement has responded with seizures and arrests tied to DPRK-linked operations. In June, authorities confiscated $7.7 million in cryptocurrency allegedly earned through covert North Korean IT worker networks.

Earlier, the FBI dismantled fake companies such as Blocknovas LLC in South Carolina and Softglide LLC in New York, which had been set up to create legitimate corporate fronts for infiltration campaigns.

Former Binance CEO Changpeng Zhao also issued a warning in September, stating that North Korean hackers were increasingly infiltrating crypto firms through fake job applications, bribery of contractors, and malware hidden in interview links.

As of press time, the stolen funds remain unaccounted for, and SBI Crypto has yet to issue a formal statement addressing the breach.


Credit: Source link

ShareTweetSendPinShare
Previous Post

US pledges to defend Qatar against ‘any attack’

Next Post

IRS tweaks post-appeals mediation process

Next Post
IRS tweaks post-appeals mediation process

IRS tweaks post-appeals mediation process

We’ve saved £6,000 on holidays by swapping homes with strangers

We’ve saved £6,000 on holidays by swapping homes with strangers

July 10, 2026
Dimon pressed over whether he lobbied UK government on Epstein’s advice

Dimon pressed over whether he lobbied UK government on Epstein’s advice

July 13, 2026
The escalating U.S.–Iran war is rewriting the CEO playbook again

The escalating U.S.–Iran war is rewriting the CEO playbook again

July 13, 2026
Platform acquires The Hultquist Firm

Platform acquires The Hultquist Firm

July 14, 2026
‘Cool in 90 seconds’ – the fake portable air conditioners sweeping the internet

‘Cool in 90 seconds’ – the fake portable air conditioners sweeping the internet

July 10, 2026
Behind the multiple in accounting firms

Behind the multiple in accounting firms

July 14, 2026
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Invisible Learning: Building Skills at the Pace of Work

Invisible Learning: Building Skills at the Pace of Work

July 16, 2026
Euro Car Parks being investigated over petrol forecourt parking tickets

Euro Car Parks being investigated over petrol forecourt parking tickets

July 16, 2026

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!