In a significant escalation of state-linked cybercrime, hackers believed to be affiliated with North Korea’s Lazarus Group have stolen nearly ₹175 crore (approx. $21 million) in cryptocurrency from SBI Crypto, the mining subsidiary of Japan’s SBI Group. The attack, detected in September, targeted wallet infrastructure associated with the company’s mining pools.
According to blockchain forensics analysts, the attackers siphoned off a range of digital assets — including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash — and quickly laundered them through Tornado Cash and cross-chain bridges. These sophisticated methods have made tracing the funds virtually impossible.
Mining Pools: The New Bullseye in Crypto Theft
While most crypto heists historically targeted exchanges and custodial wallets, this attack underscores a strategic pivot toward mining pools — centralized platforms that coordinate thousands of miners and distribute rewards. Gaining control over such a platform allows attackers to hijack payouts, modify block templates, or halt operations entirely.
Security researchers note that many mining pools operate with outdated software and weak access controls, making them attractive targets for state-backed groups.
Lazarus Group Evolves Its Tactics
The Lazarus Group, long associated with North Korea’s cyber warfare strategy, has been responsible for some of the largest crypto hacks in recent history, including the infamous Axie Infinity and Bybit breaches. Analysts believe this latest attack signals the emergence of a new division within the group focused on mining infrastructure.
“There is a noticeable shift from attacking user-facing platforms to striking at the foundation of the crypto ecosystem,” said one regional security consultant.
Geopolitical Stakes and Strategic Disruption
The breach serves multiple purposes for the North Korean regime:
Revenue Generation: The stolen crypto can be converted into fiat currency to fund its weapons and missile programs, bypassing international sanctions.
Strategic Disruption: Demonstrating the ability to destabilize key components of the blockchain infrastructure projects power on the global stage.
Cybersecurity experts warn that this incident could trigger a wave of attacks on mining pools globally, urging operators to upgrade their systems and adopt multi-factor authentication, advanced monitoring, and better access controls.
With growing geopolitical tensions and the increasing use of crypto in defense and finance sectors, the SBI Crypto breach is not just a financial incident — it’s a warning shot.
