US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers


The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government.

The Treasury Department’s Office of Foreign Assets Control (OFAC) announced new sanctions on, which officials said has been used by North Korea’s Lazarus Group to process millions of dollars’ worth of virtual currency stolen during attacks over the last two years including incidents involving Horizon Bridge and Axie Infinity.

The cryptocurrency mixer is also used by cybercriminals to make it difficult for investigators to track transactions related to sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo.

The platform’s website was also seized and replaced with a banner from several law enforcement agencies including the FBI, The Department of Justice, Finland’s National Bureau of Investigation and other international agencies.

U.S. officials said Sinbad is the “preferred mixing service” for the Lazarus Group — which has been behind several of the largest crypto hacks in recent years. The Sinbad platform obfuscates the origin, destination and parties involved in illicit transactions, with experts noting that it is likely a successor to — another mixer sanctioned by OFAC last year.

The Treasury Department and blockchain research firm Elliptic said there are infrastructure ties between and Sinbad, including shared cryptocurrency wallets and more.

According to the Treasury Department, North Korean hackers used it to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge — two of the largest crypto thefts on record.

Lazarus Group has been operating for more than 10 years, and according to U.S. officials has stolen over $2 billion worth of cryptocurrency to help fund the North Korean government’s activities — including its weapons of mass destruction and ballistic missile programs. The group itself was sanctioned by OFAC in 2019.

The OFAC sanctions announced on Wednesday mean U.S. citizens are banned from dealing with Sinbad in any way. Anyone caught doing business with the platform may be exposed to sanctions as well, they added.

The Treasury Department has sought to limit the ability of state-backed actors and cybercriminals to use cryptocurrency mixing services through sanctions in the last two years. U.S. law enforcement agencies have shut down or sanctioned several platforms, including, Tornado Cash, and others.

Blockchain research firm Elliptic noted that they have found thousands of additional addresses connected to this mixer.

“As well as the hacks mentioned by the US Treasury in the press release, Sinbad has also been used to launder some of the proceeds of other major hacks including thefts from (September 2023, $41 million), CoinEx (September 2023, $70 million), FTX ($477 million, November 2022), BadgerDAO (December 2021, $120 million) and more,” they said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

New Jersey, Pennsylvania hospitals affected by cyberattacks

Next Post

US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers

Related Posts

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

Now-patched authorization bypass issues impacting Cox modems that could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's
Read More