Crypto Mixer Sinbad hit with OFAC sanctions for helping DPRK hackers


Virtual currency mixer Sinbad, which helped North Korean cyber criminals from Lazarus and other groups to launder millions of dollars, has come under sanctions by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). All dealings with the service are prohibited.

Sinbad operated on the Bitcoin blockchain and was a preferred mixing service for North Korea’s threat actors. The mixer indiscriminately facilitated illicit transactions by obfuscating their origin, destination, and counterparties, according to the press release. Some experts believe that Sinbad is the successor to the Blender.io mixer, which the OFAC also designated for providing mixing services to the Lazarus Group.

On November 29th, the OFAC sanctioned Sinbad. As a result, all its property in the US and all assets or interests controlled by US persons must be blocked and reported to the OFAC. Sanctions prohibit any dealings involving a blocked entity, and persons who engage in certain transactions may be exposed to such sanctions.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo.

“The Treasury Department and its US government partners stand ready to deploy all tools at their disposal to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities. While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.”

Sinbad was used by Lazarus Group, a state-sponsored cyber hacking group of the Democratic People’s Republic of Korea (DPRK), to launder significant portions of their stolen treasures. It played a role in cleaning a significant amount of the $100 million worth of crypto looted from customers of Atomic Wallet on June 3rd, 2023.

Sinbad also helped to launder cryptocurrency from the Axie Infinity heist of approximately $620 million in March 2022 and the Horizon Bridge heist of approximately $100 million in June 2022.

Sinbad is popular among cybercriminals “to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.”

According to the executive order, Sinbad materially supported cyber activities and provided technological and other support to persons who are a significant threat to US national security.

Lazarus Group has been under OFAC sanctions since September 13th, 2019. The OFAC has identified the cybergang as an agency, instrumentality, or controlled entity of the Government of the DPRK. During over ten years in operation, the Lazarus Group allegedly stole over $2 billion worth of digital assets and is responsible for multiple intrusions. DPRK uses cybercrime as a revenue source for “its unlawful weapons of mass destruction and ballistic missile programs.”

The OFAC sanctioned Blender on May 6th, 2022. That was followed by the sanctions on Tornado Cash on November 8th, 2022. On April 24th, 2023, the OFAC sanctioned two over-the-counter virtual currency traders who facilitated the conversion of stolen virtual currency to fiat currency for DPRK actors working with the Lazarus Group.