Cybercrime

US Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean Hackers

US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus.

Ionut Arghire

November 30, 2023

The US Department of the Treasury on Wednesday announced sanctions against cryptocurrency mixer Sinbad, for laundering stolen cryptocurrency for the North Korean state-sponsored hacking group Lazarus.

Sinbad, the Treasury says, is the preferred mixing service for Lazarus, and is responsible for laundering millions of dollars in stolen cryptocurrency for the nation state threat actor.

Operating on the Bitcoin blockchain, the mixer obfuscates the origin, destination, and counterparties of illicit transactions, and is believed to be a successor to the Blender.io mixer, which was previously sanctioned for aiding Lazarus.

Sinbad, the Treasury says, also obfuscates transactions linked to other malicious activities, including sanctions evasion, drug trafficking, and illicit sales on dark web marketplaces.

According to the US, Sinbad was involved in laundering a “significant portion” of the $100 million in cryptocurrency stolen from Atomic Wallet in June 2023, of the $620 million stolen from Axie Infinity in March 2022, and of the $100 million stolen in June 2022 from Horizon Bridge.

“The Lazarus Group has operated for more than ten years and is believed to have stolen over $2 billion worth of digital assets across multiple thefts. Due to the pressure of robust US and United Nations sanctions, the DPRK has resorted to using illicit tactics, such as heists perpetrated by the Lazarus Group, to generate revenue for its unlawful weapons of mass destruction and ballistic missile programs,” the US says.

Lazarus is believed to have stolen more than $377 million worth of cryptocurrency this year alone, in attacks targeting Atomic Wallet, Alphapo, CoinEx, CoinsPaid, and Stake.com.

Last year, the US also sanctioned Tornado Cash for providing mixing services to Lazarus.

Advertisement. Scroll to continue reading.

Written By Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.

Latest News

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Eduard KovacsOctober 1, 2019