US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers

The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government.

The Treasury Department’s Office of Foreign Assets Control (OFAC) announced new sanctions on Sinbad.io, which officials said has been used by North Korea’s Lazarus Group to process millions of dollars’ worth of virtual currency stolen during attacks over the last two years including incidents involving Horizon Bridge and Axie Infinity.

The cryptocurrency mixer is also used by cybercriminals to make it difficult for investigators to track transactions related to sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo.

The platform's website was also seized and replaced with a banner from several law enforcement agencies including the FBI, The Department of Justice, Finland's National Bureau of Investigation and other international agencies.

U.S. officials said Sinbad is the “preferred mixing service” for the Lazarus Group — which has been behind several of the largest crypto hacks in recent years. The Sinbad platform obfuscates the origin, destination and parties involved in illicit transactions, with experts noting that it is likely a successor to Blender.io — another mixer sanctioned by OFAC last year.

The Treasury Department and blockchain research firm Elliptic said there are infrastructure ties between Blender.io and Sinbad, including shared cryptocurrency wallets and more.

According to the Treasury Department, North Korean hackers used it to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge — two of the largest crypto thefts on record.

Lazarus Group has been operating for more than 10 years, and according to U.S. officials has stolen over $2 billion worth of cryptocurrency to help fund the North Korean government’s activities — including its weapons of mass destruction and ballistic missile programs. The group itself was sanctioned by OFAC in 2019.

The OFAC sanctions announced on Wednesday mean U.S. citizens are banned from dealing with Sinbad in any way. Anyone caught doing business with the platform may be exposed to sanctions as well, they added.

The Treasury Department has sought to limit the ability of state-backed actors and cybercriminals to use cryptocurrency mixing services through sanctions in the last two years. U.S. law enforcement agencies have shut down or sanctioned several platforms, including Blender.io, Tornado Cash, and others.

Blockchain research firm Elliptic noted that they have found thousands of additional addresses connected to this mixer.

“As well as the hacks mentioned by the US Treasury in the press release, Sinbad has also been used to launder some of the proceeds of other major hacks including thefts from Stake.com (September 2023, $41 million), CoinEx (September 2023, $70 million), FTX ($477 million, November 2022), BadgerDAO (December 2021, $120 million) and more,” they said.