US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers

Avatar

The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government.

The Treasury Department’s Office of Foreign Assets Control (OFAC) announced new sanctions on Sinbad.io, which officials said has been used by North Korea’s Lazarus Group to process millions of dollars’ worth of virtual currency stolen during attacks over the last two years including incidents involving Horizon Bridge and Axie Infinity.

The cryptocurrency mixer is also used by cybercriminals to make it difficult for investigators to track transactions related to sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo.

The platform’s website was also seized and replaced with a banner from several law enforcement agencies including the FBI, The Department of Justice, Finland’s National Bureau of Investigation and other international agencies.

U.S. officials said Sinbad is the “preferred mixing service” for the Lazarus Group — which has been behind several of the largest crypto hacks in recent years. The Sinbad platform obfuscates the origin, destination and parties involved in illicit transactions, with experts noting that it is likely a successor to Blender.io — another mixer sanctioned by OFAC last year.

The Treasury Department and blockchain research firm Elliptic said there are infrastructure ties between Blender.io and Sinbad, including shared cryptocurrency wallets and more.

According to the Treasury Department, North Korean hackers used it to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge — two of the largest crypto thefts on record.

Lazarus Group has been operating for more than 10 years, and according to U.S. officials has stolen over $2 billion worth of cryptocurrency to help fund the North Korean government’s activities — including its weapons of mass destruction and ballistic missile programs. The group itself was sanctioned by OFAC in 2019.

The OFAC sanctions announced on Wednesday mean U.S. citizens are banned from dealing with Sinbad in any way. Anyone caught doing business with the platform may be exposed to sanctions as well, they added.

The Treasury Department has sought to limit the ability of state-backed actors and cybercriminals to use cryptocurrency mixing services through sanctions in the last two years. U.S. law enforcement agencies have shut down or sanctioned several platforms, including Blender.io, Tornado Cash, and others.

Blockchain research firm Elliptic noted that they have found thousands of additional addresses connected to this mixer.

“As well as the hacks mentioned by the US Treasury in the press release, Sinbad has also been used to launder some of the proceeds of other major hacks including thefts from Stake.com (September 2023, $41 million), CoinEx (September 2023, $70 million), FTX ($477 million, November 2022), BadgerDAO (December 2021, $120 million) and more,” they said.

NewsCybercrimeTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

New Jersey, Pennsylvania hospitals affected by cyberattacks

Next Post

US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers

Related Posts

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows
Omega Balla
Read More

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to
Avatar
Read More