Uncovering the Dark World of Cryptocurrency Mixer Sinbad: From Sanctions to High-Profile Thefts and Ties to Lazarus Group
U.S. Treasury Sanctions Cryptocurrency Mixer Sinbad
The U.S. Treasury Department imposed punitive sanctions on Sinbad.io (Sinbad), a cryptocurrency mixer service, following allegations of its involvement in facilitating money laundering operations for North Korean hacking groups. The announcement made on November 29, 2023, is part of an ongoing crackdown on entities aiding in the laundromat of stolen funds.
Sinbad Accused of Laundering Funds for North Korean Hacking Group Lazarus
According to the announcement made by the Department, Sinbad has allegedly processed and laundered millions of dollars worth of cryptocurrency stolen by the North Korea-linked hacking group known as the Lazarus Group. Previously sanctioned in 2019, Lazarus Group gained notoriety for high-profile cyberattacks that have collectively realized over $2 billion in stolen digital assets for the past ten years.
Responsible for Laundering Millions of Dollars in Stolen Cryptocurrency
Sinbad has been accused of enabling money laundering practices by obfuscating the origin, destination, and parties involved in illicit transactions. The charges specify that Sinbad was instrumental in laundering funds from recent notable cyberattack incidents, including the $100 million hack against the Atomic Wallet provider and last year's $620 million Axie Infinity hack and $100 million Horizon Bridge exploit.
Believed to be Successor to Previously Sanctioned Blender.io Mixer
Some industry experts have postulated that Sinbad may be a successor to the previously sanctioned cryptocurrency mixer service, Blender.io. This hypothesis stems from observed trends and practices, but concrete evidence to back this assertion is yet to be established.
Sinbad's Activities Also Linked to Other Criminal Offenses
In addition to money laundering allegations, Sinbad's activities have come under suspicion for enabling various criminal offenses. These range from sanctions evasion to drug trafficking and illicit sale of items.
In a statement on the sanctions, Deputy Treasury Secretary Wally Adeyemo highlighted the significant role of the U.S. Government in preventing virtual currency mixers like Sinbad from facilitating illicit activities. The sanctions aim to discourage and disrupt these operations by demonstrating the serious consequences that criminal actors can face.
Sinbad's Involvement in High-profile Thefts
The cryptocurrency mixing service Sinbad has been implicated in several high-profile hack attacks that have stolen huge sums of money. The nefarious activities have drawn the attention of the Treasury Department, prompting severe sanctions due to Sinbad's facilitating role in money laundering for the Lazarus Group.
Laundered "Significant Portion" of the $100 Million Stolen From Atomic Wallet in June 2023
In one of these hacks, said to have occurred in June 2023, Sinbad reportedly laundered a significant portion of the $100 million stolen from the Atomic Wallet. Sinbad allegedly aided in the obfuscation of the illicit transaction trails by facilitating the mixing of these funds, making it hard for authorities to trace the stolen funds.
Laundered Part of the $620 Million Stolen from Axie Infinity in March 2022
The Lazarus Group was also behind an attack on the "Axie Infinity" game in March 2022, which led to more than $620 million theft. Sinbad's notorious involvement is again prominent as it was used to launder some of these stolen resources. According to the Treasury Department, Sinbad's service made it possible for the group to obscure the origin of the stolen funds, complicating efforts to recover these funds.
Laundered Part of the $100 Million Stolen in June 2022 from Horizon Bridge
In June 2022, another hacking operation targeting Horizon Bridge led to a loss of $100 million. Sinbad is again implicated in facilitating the laundering of part of these funds. This incident, among others, underscores Sinbad's role in sustaining the criminal enterprises of groups like the Lazarus Group.
Despite these allegations, the creator behind Sinbad, known as "Mehdi," maintains that Sinbad operates in the clearnet for benevolent purposes. He insists the service supports privacy rights and freedom from total internet surveillance. Mehdi's assertion that he couldn't have known about the sources of the stolen funds adds a layer of complexity to the unfolding narrative surrounding cryptocurrency mixers and their role in potential cybercrime activities.
The Acts of Lazarus Group
The Lazarus Group, a North Korean state-sponsored hacking group, has been operating for over a decade and has reportedly amassed over $2 billion in stolen digital assets. Recently, their cybercriminal activities have increased significantly, with the group turning their attention to cryptocurrencies as a lucrative target.
Operating for More than Ten Years with Over $2 Billion Worth of Digital Assets Thefts
Over its operational lifespan of over ten years, Lazarus Group has been implicated in the theft of over $2 billion in digital assets. The group uses sophisticated hacking techniques to infiltrate targeted systems, seize control, and divert significant sums of cryptocurrencies – often in bitcoin – staging some of the largest digital heists in the cyber underworld.
Lazarus Has Stolen More Than $377 Million Worth of Cryptocurrency This Year Alone
A datum of particular note is that Lazarus Group has stolen more than $377 million worth of cryptocurrency in the current year alone. These large-scale thefts not only indicate the group's capabilities but also showcase their ever-increasing audacity, orchestrating numerous high-profile hacks within a short time frame.
Targeted Organizations Include Atomic Wallet, Alphapo, CoinEx, CoinsPaid, and Stake.com
The litany of organizations that have fallen victim to the Lazarus Group's activities grows continually. This year, high-profile targets have included Atomic Wallet, from which the group stole $100 million; Alphapo, which lost $60 million; CoinEx, which lost $31 million; and CoinsPaid, which faced a theft of $37.3 million. The popular gaming and betting site Stake.com also had $41 million worth of cryptocurrency stolen in a breach attributable to Lazarus.
The U.S. Treasury Department has raised concerns over this alarming trend, issuing multiple sanctions to curb the activities of cryptocurrency mixers such as Sinbad, believed to aid Lazarus in their money laundering efforts. Deputy Secretary of the Treasury Wally Adeyemo, emphasized that they are ready to utilize all available tools to prevent cryptocurrency mixers from enabling illicit activities.
Other U.S. Sanctions
The U.S. Treasury's sanctions against Sinbad fit into a broader pattern of addressing cybercrime by sanctioning entities alleged to have facilitated illicit activities. A notable target before Sinbad was the cryptocurrency mixer Tornado Cash.
The sanctions and the Deputy Treasury Secretary's statement of readiness to take further actions underscore the Treasury's resolve in combating cybercrime. As these digital assets companies face intensified surveillance, it is reasonable to anticipate more legal and regulatory actions from the U.S. Treasury Department moving forward.