On Wednesday, the U.S. Treasury Department imposed sanctions against Sinbad. The North Korea-linked Lazarus Group has used this virtual currency mixer to launder ill-gotten proceeds.
“Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists,” the department said.
“Cybercriminals also use Sinbad to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.”
The development builds on prior actions undertaken by the Treasury Department to blockade mixers such as Blender, Tornado Cash, and ChipMixer, all of which have been accused of providing “material support” to the hacking crew by laundering the stolen assets through their services.
Sinbad, initiated by an individual using the pseudonym “Mehdi” in September 2022, informed WIRED in February that it was a genuine privacy-focused project established in response to the “increasing centralization of cryptocurrency and the diminishing privacy assurances it originally seemed to provide.”
It also emerged as a replacement for Blender, with the Lazarus Group using it to launder virtual currency plundered following the hacks of Atomic Wallet and Harmony Horizon Bridge.
“Overall, over one-third of funds sent to Sinbad during its lifetime have come from crypto hacks,” Chainalysis said. “Following the takedown of Tornado Cash and Blender.io last year, Sinbad emerged as the mixer of choice for DPRK-based hacking activities.”
Sinbad has also been used by ransomware actors, darknet markets, and scammers, leveraging it to facilitate illicit transactions by obfuscating their origin, destination, and counterparties.
Blockchain analytics firm Elliptic said there is evidence to suggest that the same individual or group is highly likely behind both Sinbad and Blender based on examining on-chain patterns, how the two mixers operate, similarities in their websites, and their connections to Russia.
“Examination of blockchain transactions reveals that, before its public debut, a ‘service’ address on the Sinbad website received Bitcoin from a wallet thought to be under the control of the Blender operator, likely for testing purposes,” the company stated.
“A Bitcoin wallet responsible for compensating individuals who promoted Sinbad received Bitcoin from the presumed Blender operator wallet. Most early incoming transactions to Sinbad originated from the suspected Blender operator wallet.”
The development occurred as Vitalii Chychasov, a 37-year-old administrator of the now-dismantled online marketplace called SSNDOB, received an eight-year federal prison sentence in the U.S. for selling personal information, including names, dates of birth, and Social Security numbers.
Chychasov, a Ukrainian national, was arrested in March 2022 while attempting to enter Hungary. He was subsequently extradited to the U.S. in July 2022. SSNDOB was taken down in a joint operation led by the U.S., Cyprus, and Latvia in June 2022.