SBI Crypto Hack Exposes Major Security Gaps in Japan’s Institutional Sector

TLDR

• North Korean hackers stole $21M in Bitcoin and Ethereum from SBI Crypto.
• The breach highlights security risks in Japan’s institutional crypto sector.
• SBI Crypto funds were laundered using instant-exchanges and Tornado Cash.
• The attack follows a broader trend of state-backed cyberattacks in Asia.

A recent cyberattack targeting the crypto subsidiary of Japan’s SBI Group has drawn attention to the vulnerabilities within the country’s institutional crypto infrastructure. In a breach that drained $21 million worth of Bitcoin and Ethereum, investigators traced the stolen assets to a North Korean-linked hacking group. This attack raises serious concerns about the security of digital assets in traditional financial institutions and the effectiveness of current security protocols.

North Korean Cyberattack Targets SBI Crypto

The hack occurred in late September 2025, with blockchain forensics revealing that roughly $21 million in cryptocurrency was stolen from SBI Crypto’s wallets. Analysts quickly identified the involvement of the Lazarus Group, a North Korean cybercriminal group.

This group has been responsible for numerous attacks on financial institutions, with the stolen funds flowing through multiple exchanges before being deposited into Tornado Cash, a mixing service often used to conceal the origins of illicitly obtained assets.

On-chain investigators noted that the technique used in this attack mirrored previous operations tied to North Korea. The stolen funds were converted into different assets and routed through instant-exchange platforms, which do not require user registration, making it easier to obscure the origin of the funds. This attack is not an isolated incident, but part of a broader pattern of state-sponsored cyberattacks targeting financial institutions across Asia.

Japan’s Crypto Security and Institutional Risks

While Japan has established strict regulations for cryptocurrency exchanges, this attack highlights ongoing vulnerabilities within institutional systems. The breach raises concerns about the security of hot wallets and internal risk management practices, especially within financial institutions that have integrated digital asset divisions.

SBI Group’s heavy investment in blockchain technology through its SBI VC Trade and SBI Crypto units now faces scrutiny over the effectiveness of its security measures.

Despite Japan’s reputation for strong oversight in the crypto space, incidents like this expose the challenges of securing digital assets within centralized financial institutions. The breach may prompt a reevaluation of existing security frameworks, particularly with regard to how crypto custodians manage and protect institutional funds. If such breaches can occur within regulated banks, it challenges the assumption that traditional financial infrastructure is inherently more secure than decentralized finance (DeFi).

The Larger Geopolitical Context

The hack also sheds light on the growing threat posed by state-sponsored cyberattacks targeting financial institutions for political and economic gain. The North Korean government has long been linked to cyberattacks aimed at evading sanctions and financing weapons programs. According to Chainalysis, North Korean hackers have stolen over $2 billion in crypto assets in 2025 alone, marking a record year for cyber-enabled thefts.

This geopolitical context makes the attack on SBI Crypto a worrying sign for other financial institutions involved in the cryptocurrency market. The use of decentralized tools like Tornado Cash by North Korean hackers further complicates efforts to track and recover stolen funds.

Despite regulatory actions taken against Tornado Cash, including its 2022 sanctioning by the U.S. Department of the Treasury, its continued use for laundering funds underscores the challenges faced by regulators in containing illicit activities.

Potential Policy Changes and Increased Scrutiny

In response to the attack, Japan’s Financial Services Agency (FSA) may increase regulatory scrutiny on the crypto arms of financial institutions. This could lead to stricter reporting standards and the mandatory adoption of monitoring tools that comply with global anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.

Such measures could require banks and financial institutions to adopt more comprehensive security protocols, including enhanced tracking of transactions to prevent similar incidents in the future.

As the digital asset industry matures, regulatory bodies worldwide may push for tighter integration of crypto services within traditional financial systems. This could lead to the establishment of more robust contingency frameworks for institutions that handle crypto assets. In Japan, where the financial sector is highly regulated, the SBI Crypto breach may prompt a reassessment of how digital assets are managed within banks and other regulated entities.

The post SBI Crypto Hack Exposes Major Security Gaps in Japan’s Institutional Sector appeared first on CoinCentral.