According to Elliptic's analysis, Blender, which was penalized for aiding North Korea’s Lazarus Group in laundering tens of millions of dollars in Bitcoin, is very likely to have re-launched as Sinbad. Sinbad has so far laundered almost $100 million in Bitcoin from hacks attributed to Lazarus.
- The North Korean hacker group Lazarus has started using a new crypto mixer by the name of Sinbad.
- According to Elliptic, Sinbad was launched in “early October last year.”
The blockchain analytics company Elliptic has reported that the North Korean hacking group Lazarus has switched to a new crypto mixer called Sinbad. Lazarus is “affiliated with North Korea’s Reconnaissance General Administration,” according to a post from Elliptic and a report from Yonhap. The US and South Korea hold Lazarus and associated groups responsible for several sophisticated crypto hacks.
Despite being relatively small, Sinbad was used to launder the proceeds of Lazarus hacks very soon after its launch at the beginning of October 2022. As evidence of faith and trust in the new mixer, tens of millions of dollars from Horizon and other North Korea-related hacks have been sent through Sinbad and are still being transferred. The operator of Sinbad has complete control over the crypto assets deposited within it, making it a custodial mixer like Blender.
Security firms and governmental organizations think Pyongyang-affiliated organizations employed coin mixers to anonymize transactions, enabling the North to amass enormous cryptocurrency wealth. According to them, this has been used to pay for Pyongyang’s expensive missile projects.
Last year, the US State Department imposed sanctions against Blender. According to Washington, it was used “to launder money stolen by North Korea.” Blender was sanctioned in April 2022, although some think the owner left with about $22 million in Bitcoin (BTC). Blender, according to Elliptic, is now “back” but under a different name. According to the blockchain analytics company Chainalysis, North Korean hackers sent “more than $24 million to Sinbad.”
Coin mixers are services used to make blockchain transactions anonymous. Mixers make it challenging to identify the original sender of a coin, and if they are used frequently, transactions may be hard to track. As a result, it is difficult to tell whether illegally obtained coins have been transferred or exchanged for cash.
According to the company, Lazarus has already sent “tens of millions of dollars” through Blender, which is “very likely to have re-launched as Sinbad.” Elliptic said its research “indicates” that a rebranding of Blender under the name Sinbad by the same person or group is “quite likely.”
According to the company, “The on-chain pattern of behavior is quite similar for both mixers, including the unique features of transactions and the use of other services to conceal their operations. With Russian-language assistance and websites, both services have a solid connection to Russia.”
The most significant cryptocurrency breach in history, the $620 million Axie Infinity attack, was attributed by the US Treasury Department last year to Lazarus. The United States and South Korea have imposed separate sanctions on several people thought to be Lazarus members.
Blender might have changed its name to evade penalties, and OFAC might now want to sanction Sinbad as well. After Blender’s unexpected closure the previous year and the disappearance of substantial sums of money from the mixer, it might also have done so to earn back customers’ faith. Elliptic’s technologies can identify wallets associated with Blender and Sinbad, enabling businesses to find any exposure to these services and steer clear of doing business with prohibited parties.