Bitcoin News Today: North Korean Hackers Exploit Crypto's Weaknesses, Industry Struggles to Keep Pace

Generated by AI Agent Coin World
Thursday, Oct 2, 2025 9:04 am ET | 2 min read
Aime Summary

- SBI Crypto, a Japan-based crypto firm, lost $21 million in late 2025 after North Korean hackers exploited its mining pool wallets, stealing BTC, ETH, and other cryptocurrencies.

- Funds were laundered via Tornado Cash and five exchanges, mirroring tactics used by the Lazarus Group, a North Korean cyber unit linked to over $2.2 billion in 2025 crypto thefts.

- The attack highlights vulnerabilities in centralized crypto infrastructure, as SBI Crypto remains silent and regulators struggle to track decentralized fund movements.

- North Korean operatives also use fake identities and malware to infiltrate blockchain projects, as seen in the PylangGhost campaign targeting developers' devices.

SBI Group's crypto arm, SBI Crypto, suffered a $21 million exploit in late September 2025, with blockchain analysts attributing the breach to North Korean state-backed hackers. The theft involved the siphoning of Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH) from compromised wallets linked to the mining pool. Funds were routed through five instant exchanges before being laundered via Tornado Cash, a crypto mixer previously sanctioned by the U.S. Treasury for its role in obscuring illicit transactions. Analysts, including ZachXBT, noted that the tactics mirrored prior attacks linked to the Lazarus Group, a North Korean cyber unit with a history of high-profile digital asset heists ("ZachXBT SBI Crypto Theft Adds to $2.2B Stolen by North Korean Hackers in 2025" [1]).

The breach was first detected on September 24, 2025, when suspicious outflows were observed from wallet addresses such as "0x40d7" and "bc1qx0a2k". The stolen assets were moved rapidly, leveraging decentralized infrastructure to evade detection. This incident follows a broader trend of North Korean cyber campaigns, which have stolen over $2.2 billion in crypto-related assets in the first half of 2025 alone ("SBI Crypto Reportedly Hit by $21M Hack With Suspected DPRK Links" [2]). Tornado Cash, despite regulatory scrutiny, remains a preferred tool for laundering, with its recent legal restrictions lifted by a U.S. court, raising concerns about renewed exploitation ("SBI Crypto Hit by $21 Million Hack Linked to North Korean Hackers" [3]).

SBI Crypto, a subsidiary of Japan's SBI Group, has not publicly confirmed the breach or issued a formal statement. The company, which operates as a mining pool and has expanded into crypto ETFs and tokenized assets, faces heightened scrutiny for its security protocols. The attack underscores vulnerabilities in cryptocurrency infrastructure, particularly in mining pools and exchanges, which are increasingly targeted for their centralized fund management ("SBI Group's Crypto Arm Hit By $21M Exploit Linked To North…" [4]).

North Korean hacking operations extend beyond direct thefts. Investigations have revealed fraudulent employment schemes, where operatives posed as blockchain developers to infiltrate projects. These tactics include creating fake identities, purchasing stolen Social Security numbers, and deploying malware through job interview platforms. In June 2025, the "PylangGhost" campaign by Lazarus Group operatives infected blockchain developers' devices, targeting over 80 browser extensions, including popular wallets like MetaMask ("North Korean Hackers Steal $21M From SBI Crypto, Laundered via…" [5]).

The SBI incident adds to a growing list of North Korea-linked exploits in 2025, including a $680,000 theft from the crypto project Favrr and the recent $1.5 billion heist against Bybit, the second-largest cryptocurrency exchange ("North Korean hackers steal record $1.5 billion in single…" [6]). U.S. law enforcement has responded with seizures, including the confiscation of $7.7 million in illicitly obtained crypto, but challenges persist in tracing and recovering funds laundered through decentralized networks.

As of press time, the stolen $21 million remains unaccounted for, and SBI Group has not commented on the breach. The incident highlights the escalating sophistication of North Korean cyberattacks and the urgent need for robust security measures in the crypto sector. With regulatory and technological defenses struggling to keep pace, the industry faces a critical juncture in addressing state-sponsored threats ("FBI Warns of North Korean Cyberattacks on Crypto ETF…" [7]).