New Delhi, Oct. 2, 2025 — A sophisticated cyberattack targeting SBI Crypto, the mining arm of Japan’s SBI Group, has sent shockwaves through the digital asset industry. Investigators say hackers linked to North Korea’s Lazarus Group siphoned off nearly ₹175 crore worth of cryptocurrencies, marking a major shift in the regime’s cyber operations.
A Calculated Strike on Mining Infrastructure
The breach, detected in September, drained multiple assets — including Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash — from wallets tied to SBI Crypto’s mining pool.
According to blockchain security analysts, the stolen funds were quickly funneled through Tornado Cash and cross-chain bridges, making detection and recovery nearly impossible. The laundering techniques were consistent with previous Lazarus campaigns.
“This was not a random hack. It was a strategic strike on the backbone of the crypto ecosystem,” said a cybersecurity consultant familiar with the case.
Why Mining Pools Are Now Prime Targets
Mining pools coordinate the efforts of thousands of miners and distribute rewards. But this concentration makes them a high-value single point of failure.
With administrative access, attackers can easily redirect payouts, manipulate block templates, or disrupt network operations. Security researchers warn that weak authentication systems and legacy software often leave mining pools vulnerable.
Lazarus Group’s Evolving Playbook
The Lazarus Group — long accused of state-backed cyber theft — has typically targeted centralized exchanges and custodial wallets. But after the ₹12,500 crore Bybit hack in February, analysts note a pivot toward infrastructure-level breaches.
Investigations suggest North Korea may now run specialized cyber units: one targeting exchanges, another focusing on wallets, and a new wing probing mining infrastructure.
Geopolitical Stakes
For Pyongyang, the motives are clear:
1. Revenue Generation — converting stolen crypto into hard currency to evade sanctions and fund its weapons program.
2. Strategic Disruption — demonstrating an ability to destabilize critical digital infrastructure worldwide.
“This is as much about geopolitics as it is about money,” said a regional cyber analyst.
Expert Commentary
Cybercrime expert and former IPS officer Professor Triveni Singh underscored the broader implications:
“The SBI Crypto breach highlights a dangerous trend — cybercriminals are no longer confined to exchanges. They are now striking at the very roots of blockchain infrastructure. The financial loss of ₹175 crore is significant, but the deeper threat lies in shaking trust in global crypto systems. Companies must adopt multi-layered defenses, AI-driven monitoring, and international intelligence sharing to counter this evolving wave of attacks.”
The Larger Lesson
The SBI Crypto heist signals a dangerous maturity in state-sponsored cyber operations. By shifting from exchanges to the very plumbing of blockchain networks, Lazarus has expanded the battlefield.
The question for the industry and regulators is urgent: can the crypto ecosystem secure not only its funds, but also the infrastructure that keeps it alive?
