Bitcoin mining arm of Japanese giant SBI gets bitten by hackers
Blockchain security investigators have identified suspicious transactions that suggest a likely multimillion-dollar theft from a subsidiary of SBI, A major Japanese group.
In cooperation with crypto security experts from Cyvers, blockchain sleuth ZachXBT said that last week, on September 24th, "suspicious outflows" from SBI Crypto-linked bitcoin (BTC), ethereum (ETH), litecoin (LTC), dogecoin (DOGE), and bitcoin cash (BCH) addresses, worth around $21 million, were registered.
According to the investigator, the stolen funds were transferred to five instant exchanges and deposited into the Tornado Cash crypto mixer.
While the attack vector is unknown, security expert and researcher Taylor Monahan from the most popular ETH wallet, MetaMask, urged everyone to "stop updating your zoom sdk [software development kit]" because "it doesn’t update your sdk it’s just malware."
If you click the button circled in red, your computer is completely compromised.
undefined Tay 💖 (@tayvano_) September 25, 2025
No matter what the alert says.
You run the script, you die, the end.
If you clicked it before, disconnect your computer from the internet and secure your assets and protocol ASAP. pic.twitter.com/a3eAI2j4C0
As of the time of writing, neither SBI Group nor SBI Crypto has addressed the issue publicly. The SBI Crypto mining pool is engaged in mining bitcoin, litecoin, dogecoin, and bitcoin cash.
In the past month, it accounted for almost 2% of the total bitcoin mining hashrate, or the computational power of the network.
Meanwhile, according to ZachXBT, the SBI attack has "several indicators that share similarities" with other known attacks orchestrated by North Korean hackers.
In its latest report on these state-sponsored criminals, blockchain analysis company Chainalysis said that North Korean IT workers "continue to infiltrate IT companies globally to earn income, often in cryptocurrency, used to finance North Korea’s production of weapons of mass destruction and ballistic missiles."
Unlock more exclusive Cybernews content on YouTube.
