Overview

• Outflows totaling about $21 million left addresses tied to SBI Crypto on Sept. 24 across Bitcoin, Ether, Litecoin, Dogecoin, and Bitcoin Cash, according to on‑chain analysis.
• ZachXBT, working with security firm Cyvers, reported the funds were routed through five instant exchanges before landing in the Tornado Cash mixer.
• Investigators said the laundering workflow shows similarities to past operations linked to North Korean groups such as Lazarus, though attribution remains unconfirmed.
• SBI Group has not issued a public statement on the incident, leaving the attack vector, internal impact, and any recovery efforts unclear.
• The episode fits a broader pattern of large crypto thefts tied by analysts to DPRK‑linked actors, with Tornado Cash frequently cited as a preferred obfuscation tool.