Major Japanese TradFi Group Suffers a $21 Million North Korean Crypto Hack 

ZachXBT and CyversAlerts identified a potential North Korean hack from SBI Crypto. $21 million was drained from a prominent Japanese TradFi firm’s mining pool.

We have precious few details about the actual incident, and SBI Holdings apparently hasn’t acknowledged the losses. Still, if investigators suspect a DPRK connection, we should treat the allegation seriously.

A Major Hack at SBI Holdings?

SBI Holdings, one of Japan’s largest financial services groups, has been steadily increasing its crypto commitments: launching Bitcoin ETFs and tokenized stocks, furthering public adoption of BTC and stablecoins alike.

However, SBI’s new investments may have exposed it to new dangers in the form of a dangerous North Korean hack.

ZachXBT, the famous crypto sleuth, has developed a strong proficiency in fighting North Korean hacks and identified a potential SBI incident. Although SBI apparently has yet to acknowledge anything, he and CyversAlerts believe that up to $21 million was stolen:

“Addresses linked to SBI Crypto saw ~$21 million in suspicious outflows on BTC, ETH, LTC, DOGE, and Bitcoin Cash. The stolen funds were transferred to five instant exchanges and deposited to Tornado Cash. Several indicators share similarities to other known DPRK attacks,” he claimed.

North Korean Attacks on the Rise

SBI Crypto, the alleged hack target, is a mining pool and subsidiary of the main holdings company. Although $21 million represents a tiny fraction of the conglomerate’s total resources, a security breach like this is still quite unfortunate.

Hopefully, it won’t discourage the firm’s continued crypto investment.

North Korean hackers have been choosing more ambitious targets lately, and this SBI incident could fit the pattern of recent hacks.

For example, DPRK-based teams have been running bridge exploits and raiding wallets connected to swap infrastructure; a mining pool could also have multiple points of vulnerability.

Recently, hackers successfully penetrated an exchange’s staking protocol, stealing $41.5 million through a partner API vulnerability.

Although the main exchange’s safeguards remained intact, this peripheral weakness still enabled a huge theft. The SBI mining pool hack could have followed a similar structure.

However, until the company or other crypto sleuths release more details, we can’t be certain of anything. Strictly speaking, SBI could still claim that it conducted these “suspicious” transactions itself, and that there was no hack. This seems highly unlikely, though.

For now, this incident is just another reminder that crypto crime is highly dangerous today.