US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

The US Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers linked to the North Korean government.

The Treasury Department’s Office of Foreign Assets Control (OFAC) announced new sanctions against Sinbad.io, which officials say was used by the North Korean Lazarus Group to process millions of dollars of stolen virtual currency in attacks over the past two years, including incidents. involving Horizon Bridge and Axie Infinity.

Cryptocurrency mixer is also used by cybercriminals to make it difficult for investigators to track transactions related to sanctions evasion, drug trafficking, purchase of child pornography and other illicit sales on darknet markets.

“The combination of services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will lead to serious consequences” said Deputy Treasury Secretary Wally Adeyemo.

The platform’s website was also seized and replaced with a banner of several law enforcement agencies, including the FBI, the Ministry of Justice, the Finnish National Bureau of Investigation and other international agencies.

US officials said Sinbad is the “preferred mixing service” of the Lazarus Group – which is behind several of the biggest crypto hacks in recent years. The Sinbad platform obscures the origin, destination and parties involved in illicit transactions, with experts noting that it is likely the successor to Blender.io, another blender. sanctioned by OFAC last year.

The Treasury Department and blockchain research firm Elliptic said There are infrastructure links between Blender.io and Sinbad, including shared cryptocurrency wallets and much more.

According to the Treasury Department, North Korean hackers used it to launder much of the cash. $100 million stolen on June 3 from Atomic Wallet customersas well as a significant portion of the more than $620 million stolen from Axie Infinity and the $100 million withdrawn from Horizon Bridge — two of the biggest crypto thefts ever recorded.

The Lazarus Group has been around for more than 10 years and, according to U.S. officials, has stolen more than $2 billion in cryptocurrency to help finance the North Korean government’s activities, including its weapons of mass destruction programs and ballistic missiles. The group itself was sanctioned by OFAC in 2019.

The OFAC sanctions announced Wednesday mean that U.S. citizens are prohibited from dealing with Sinbad in any way. Anyone caught doing business with the platform may also face sanctions, they added.

The Treasury Department has sought to limit the ability of state-sponsored actors and cybercriminals to use cryptocurrency mixing services through sanctions over the past two years. US law enforcement agencies have closed or sanctioned several platforms, including Blender.io, Tornado Cashand others.

Elliptic, blockchain research company note that they found thousands of additional addresses connected to this mixer.

“In addition to the hacks mentioned by the U.S. Treasury in the press release, Sinbad was also used to launder a portion of the proceeds from other major hacks, including thefts from Stake.com (September 2023, $41 million). CoinEx (September 2023, $70 million), FTX ($477 million, November 2022), BadgerDAO (December 2021, $120 million) and more,” they said.

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.