The U.S. Treasury Department has initiated sanctions against Sinbad, a virtual currency mixer used by the North Korea-affiliated Lazarus Group to launder illicitly acquired proceeds. This action targets the channel responsible for processing millions of dollars’ worth of virtual currency originating from Lazarus Group-led heists, including those of the Horizon Bridge and Axie Infinity.
Moreover, Sinbad stands accused of serving cybercriminals engaged in obfuscating transactions related to various nefarious activities. These activities range from sanctions evasion to drug trafficking, the procurement of child sexual abuse materials, and additional illicit dealings conducted on darknet marketplaces.
This move by the U.S. Treasury follows prior actions taken by governments in Europe and the U.S. to block mixers such as Blender, Tornado Cash, and ChipMixer. These entities were accused of providing substantial support to hacker groups by laundering pilfered assets through their services.
Sinbad, introduced by an individual identified as “Mehdi” in September 2022, initially presented itself as a privacy-preserving initiative. However, investigations revealed its pivotal role as a replacement for Blender, specifically exploited by the Lazarus Group for laundering cryptocurrency derived from breaches involving Atomic Wallet and Harmony Horizon Bridge.
Chainalysis highlighted that over one-third of funds transferred to Sinbad during its existence originated from cryptocurrency hacks. Following the takedown of Tornado Cash and Blender.io, Sinbad emerged as the preferred mixer for hacking endeavors linked to North Korea.
Beyond its association with ransomware actors, darknet markets, and scammers, Sinbad facilitated illicit transactions by obscuring their origins, destinations, and involved parties.
Furthermore, blockchain analytics firm Elliptic established significant evidence linking Sinbad and Blender. This linkage rests on an analysis of on-chain patterns, operational methods, website similarities, and connections to Russia, and suggests a high probability of a shared operator or group behind both mixers.
Elliptic’s findings indicated that transactions preceding Sinbad’s public launch involved Bitcoin transfers from a wallet believed to be controlled by the Blender operator. Likewise, Bitcoin transfers from the suspected Blender operator wallet were directed to individuals promoting Sinbad, with a majority of initial transactions to Sinbad originating from this wallet.