Introduction
Japanese crypto mining firm SBI Crypto has suffered a major security breach with approximately $21 million in digital assets stolen from its addresses. Blockchain investigator ZachXBT revealed the funds were laundered through the controversial mixing service Tornado Cash, with indicators pointing to North Korean involvement, marking the latest in a series of devastating crypto thefts that have plagued the industry in early 2024.
Key Points
- Stolen assets included multiple cryptocurrencies: Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash
- Tornado Cash, recently removed from the US sanctions list, was used to launder the stolen funds
- The investigator identified patterns consistent with the North Korean state-sponsored hacking group Lazarus Group
The $21 Million Heist: Details of the SBI Crypto Breach
Blockchain investigator ZachXBT has identified suspicious outflows totaling approximately $21 million from addresses linked to Japanese crypto mining operation SBI Crypto. The stolen digital assets comprised multiple cryptocurrencies: Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), Dogecoin (DOGE), and Bitcoin Cash (BCH). According to ZachXBT’s Telegram communications, the stolen funds were either moved directly to “instant exchanges” or laundered through the coin mixing service Tornado Cash, a method commonly employed by sophisticated hacking groups to obscure transaction trails.
Notably, SBI Crypto, a crypto mining pool owned by Japan’s publicly traded investment management company SBI Group, has yet to publicly acknowledge the suspicious transfers or confirm the security breach. The company’s silence comes despite blockchain evidence clearly showing the movement of substantial funds from its controlled addresses. This incident represents another significant security challenge for SBI Group’s crypto operations, following last year’s agreement under which its crypto arm, SBI VC Trade, took control of Bitcoin exchange DMM Bitcoin’s customer assets and accounts after that platform suffered a devastating $308 million hack.
Tornado Cash and the North Korean Connection
The laundering of stolen funds through Tornado Cash raises significant concerns given the mixing service’s controversial history. Tornado Cash is a coin mixing application that allows users to hide their Ethereum transactions by obfuscating the origin and destination of funds. The U.S. Treasury Department had previously placed the mixing service on its Specially Designated Nationals list in 2022 due to concerns about its use by malicious actors, though it was removed from the list earlier this year. Despite this regulatory change, law enforcement agencies globally continue to monitor the service’s usage patterns.
More alarmingly, ZachXBT noted that “several indicators share similarities to other known Democratic People’s Republic of Korea attacks,” specifically referencing the notorious Lazarus Group. The U.S. Justice Department and international law enforcement agencies have repeatedly alleged that this North Korean state-sponsored hacking group has extensively used Tornado Cash to launder stolen cryptocurrency funds. Investigators have previously linked Lazarus to major crypto exploits including the $1.4 billion hack of crypto exchange Bybit and numerous other high-value thefts. The group typically employs sophisticated techniques to hide stolen funds through decentralized exchanges and obfuscating applications like Tornado Cash.
Broader Implications for Crypto Security in 2024
The SBI Crypto breach represents the latest in a disturbing series of major security incidents that have rocked the cryptocurrency industry in early 2024. This $21 million theft follows the massive $1.4 billion hack of crypto exchange Bybit and the theft of nearly $50 million from crypto neobank Infini, creating a pattern of increasingly sophisticated attacks targeting established crypto entities. According to industry tracking, the total amount stolen from various crypto entities by the end of February 2024 had already nearly matched the full-year total for the previous year, indicating a significant escalation in both the frequency and scale of crypto theft.
The persistent targeting of Japanese crypto entities, including both SBI Crypto and last year’s DMM Bitcoin hack, highlights particular vulnerabilities within the region’s digital asset infrastructure. The involvement of state-sponsored actors like the Lazarus Group further complicates security efforts, as these groups possess resources and sophistication beyond typical criminal organizations. As blockchain investigators like ZachXBT continue to track these movements, the industry faces mounting pressure to implement more robust security measures, particularly for institutional players like SBI Crypto that manage substantial digital asset portfolios on behalf of investors and clients.
📎 Read the original article on decrypt.co