Reports indicate that North Korean hackers are using a new mixing service to launder cryptocurrencies. The new mixer is likely to be a re-launched version of “Blender,” which now operates under the name “Sinbad.”
According to findings from crypto tracing firm Elliptic Enterprises, hackers affiliated with the North Korean government have a new crypto mixer to launder stolen digital currency, reports Bloomberg. Elliptic reports that Blender – sanctioned for aiding the North Korean hacking syndicate, Lazarus Group, to launder million in Bitcoin – is highly likely to have been re-launched as Sinbad. Sinbad reportedly has laundered almost $100 million in Bitcoin from hacks affiliated with Lazarus.
Lazarus Responsible for Some Major Crypto Hacks
Hackers often use crypto mixers to hide the origin and owner of funds by blending the assets of a large number of users. Following some of the biggest hacks in crypto history, the United States Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions against crypto mixing services Blender and Tornado Cash for helping Lazarus launder close to $500 million in illicitly obtained cryptocurrencies. After the U.S. imposed an embargo against the two mixers, Tornado Cash continued to operate. Blender ceased operations, and its operator disappeared after reportedly taking almost $22 million in Bitcoin from the mixer.
According to Elliptic, Blender likely started operating the new service called Sinbad, which Lazarus used to launder illicit funds in October 2022. The possibility of Blender rebranding emerged after the Harmony Horizon crypto heist in June 2022 led to losses of about $100 million. Elliptic investigated the hack and found strong links to Lazarus, which the FBI confirmed earlier in the year, by tracing the funds through Tornado Cash. Reports explain that an actor involved in a hack typically combines the Tornado Cash mixing service with a custodial service such as Blender. In the case of the Harmony hack, the actors used another Bitcoin mixer called Sinbad.
Tens of millions of dollars from Horizon and other North Korea-linked hacks have passed through Sinbad to date, and funds continue to do so, demonstrating confidence and trust in the new mixer.
Further evidence shows that, unlike Tornado Cash, Blender and Sinbad are custodial mixers. In a custodial mixer, all crypto that goes into the service is under the operator’s control, so users must have enough confidence in the operator to give up control of their funds. Elliptic’s analysis and data reveal with certainty that Sinbad is operated by the same individual or group that ran Blender. According to Elliptic, its researchers found that a “service” address on the Sinbad site received Bitcoin from a wallet believed to belong to Blender’s operator. That same wallet paid for Sinbad promotions and funded almost all the initial transactions coming into the mixer, totaling almost $22 million.
Elliptic further found similar on-chain behaviour patterns between Sinbad and Blender, including specific characteristics of transactions. According to Elliptic:
The way in which the Sinbad mixer operates is identical to Blender in several ways, including ten-digit mixer codes, guarantee letters signed by the service address, and a maximum seven-day transaction delay.