On Wednesday, the U.S. Treasury Department imposed sanctions on Sinbad.io, a widely used cryptocurrency mixer, for its role in laundering funds stolen by hackers associated with the North Korean government.
The Office of Foreign Assets Control (OFAC) within the Treasury Department revealed that North Korea’s Lazarus Group had utilized Sinbad.io to launder millions of dollars in virtual currency stolen in various attacks over the past two years, including incidents involving Horizon Bridge and Axie Infinity.
Cybercriminals also use the cryptocurrency mixer to make it difficult for investigators to track transactions related to sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.
“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo.
The platform’s website was also seized and replaced with a banner from several law enforcement agencies, including the FBI, The Department of Justice, Finland’s National Bureau of Investigation, and other international agencies.
U.S. officials said Sinbad is the “preferred mixing service” for the Lazarus Group — which has been behind several of the largest crypto hacks in recent years. The Sinbad platform obfuscates the origin, destination, and parties involved in illicit transactions, with experts noting that it is likely a successor to Blender.io — another mixer sanctioned by OFAC last year.
The Treasury Department and blockchain research firm Elliptic said there are infrastructure ties between Blender.io and Sinbad, including shared cryptocurrency wallets and more.
According to the Treasury Department, North Korean hackers used it to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge — two of the largest crypto thefts on record.
Lazarus Group has been operating for more than ten years and, according to U.S. officials, has stolen over $2 billion worth of cryptocurrency to help fund the North Korean government’s activities — including its weapons of mass destruction and ballistic missile programs. The group itself was sanctioned by OFAC in 2019.
The OFAC sanctions announced on Wednesday mean U.S. citizens are banned from dealing with Sinbad in any way. Anyone caught doing business with the platform may be exposed to sanctions as well, they added.
The Treasury Department has sought to limit the ability of state-backed actors and cybercriminals to use cryptocurrency mixing services through sanctions in the last two years. U.S. law enforcement agencies have shut down or sanctioned several platforms, including Blender.io Tornado Cash.
Blockchain research firm Elliptic noted that they have found thousands of additional addresses connected to this mixer.
“As well as the hacks mentioned by the U.S. Treasury in the press release, Sinbad has also been used to launder some of the proceeds of other major hacks including thefts from Stake.com (September 2023, $41 million), CoinEx (September 2023, $70 million), FTX ($477 million, November 2022), BadgerDAO (December 2021, $120 million) and more,” they said.