Connect with us

Hi, what are you looking for?



US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers

US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus.

The US Department of the Treasury on Wednesday announced sanctions against cryptocurrency mixer Sinbad, for laundering stolen cryptocurrency for the North Korean state-sponsored hacking group Lazarus.

Sinbad, the Treasury says, is the preferred mixing service for Lazarus, and is responsible for laundering millions of dollars in stolen cryptocurrency for the nation state threat actor.

Operating on the Bitcoin blockchain, the mixer obfuscates the origin, destination, and counterparties of illicit transactions, and is believed to be a successor to the mixer, which was previously sanctioned for aiding Lazarus.

Sinbad, the Treasury says, also obfuscates transactions linked to other malicious activities, including sanctions evasion, drug trafficking, and illicit sales on dark web marketplaces.

According to the US, Sinbad was involved in laundering a “significant portion” of the $100 million in cryptocurrency stolen from Atomic Wallet in June 2023, of the $620 million stolen from Axie Infinity in March 2022, and of the $100 million stolen in June 2022 from Horizon Bridge.

“The Lazarus Group has operated for more than ten years and is believed to have stolen over $2 billion worth of digital assets across multiple thefts. Due to the pressure of robust US and United Nations sanctions, the DPRK has resorted to using illicit tactics, such as heists perpetrated by the Lazarus Group, to generate revenue for its unlawful weapons of mass destruction and ballistic missile programs,” the US says.

Lazarus is believed to have stolen more than $377 million worth of cryptocurrency this year alone, in attacks targeting Atomic Wallet, Alphapo, CoinEx, CoinsPaid, and

Last year, the US also sanctioned Tornado Cash for providing mixing services to Lazarus.

Advertisement. Scroll to continue reading.

Related: US Sanctions Russian National for Helping Ransomware Groups Launder Money

Related: US, UK Sanction More Members of Trickbot Russian Cybercrime Group

Related: US Sanctions North Korean University for Training Hackers

Related: UN Experts: North Korean Hackers Stole Record Virtual Assets

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.