Sinbad, a virtual currency mixer that helped North Korean cybercriminals from Lazarus and other groups launder millions of dollars, has been sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). All transactions with the service are banned.
Sinbad operated on the bitcoin blockchain and was the preferred mixer service for North Korean hackers. The mixer indiscriminately facilitated illegal transactions by hiding their origin, purpose and counterparties, the press release said. Some experts believe Sinbad is a successor to the Blender.io mixer, which OFAC also listed for providing mixing services to Lazarus Group.
On November 29, OFAC imposed sanctions on Sinbad. As a result, all of its U.S. properties and all assets or interests controlled by U.S. persons must be blocked and reported to OFAC. The sanctions prohibit any transactions involving the blocked entity, and individuals involved in certain transactions may be subject to such sanctions.
“Mixing services that allow criminal groups like Lazarus Group to launder stolen assets will have serious consequences,” said U.S. Treasury Undersecretary Wally Adeyemo.
“The Treasury Department and its partners in the U.S. government are prepared to deploy every tool at their disposal to prevent virtual currency mixers like Sinbad from facilitating illicit activities. While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.”
Sinbad was used by Lazarus Group, a state-sponsored hacker cyber group in the Democratic People’s Republic of Korea (DPRK), to launder much of its stolen treasure. It played a role in laundering a significant portion of the $100 million worth of cryptocurrency looted from Atomic Wallet customers on June 3, 2023.
Sinbad also helped launder cryptocurrency from the Axie Infinity heist of about $620 million in March 2022 and the Horizon Bridge heist of about $100 million in June 2022.
Sinbad is popular among cybercriminals “to conceal transactions related to malicious activity such as sanctions evasion, drug trafficking, the purchase of child sexual abuse material, and other illegal sales on darknet markets.”
According to the executive order, Sinbad materially supported cyber activities and provided technological and other support to individuals who pose a significant threat to U.S. national security.
Lazarus Group has been under OFAC sanctions since September 13, 2019. OFAC has identified the cyber gang as an agency, instrumentality, or controlled organization of the DPRK government. Lazarus Group allegedly stole more than $2 billion in digital assets during its more than a decade of operations and is responsible for numerous intrusions. The DPRK uses cybercrime as a source of revenue for “its illicit weapons of mass destruction and ballistic missile programs.”
OFAC imposed sanctions against Blender on May 6, 2022. This was followed by sanctions against Tornado Cash on November 8, 2022. On April 24, 2023, OFAC imposed sanctions against two OTC virtual currency merchants that facilitated the conversion of stolen virtual currency into fiat currency for DPRK figures working with Lazarus Group.