Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime
Sanctioned Crypto Mixer Blender Reappears Under New Name
'Sinbad' Is Likely Run by Operators of Blender and Links to the Same Digital WalletA cryptocurrency service that North Korean hackers used to launder stolen funds and that was sanctioned by the U.S. Department of the Treasury appears to have resumed service under a new name.
Federal regulators in May prohibited U.S. persons from transacting with Blender after determining that North Korean hackers had used it to funnel millions' worth of illicit proceeds. Blender ceased operations in April.
Blockchain analysis firm Elliptic says the new mixer "Sinbad" is likely a revival of Blender. The firm points to strong similarities between the website structures, Russian-language support, links with a digital wallet used by Blender's operators, and blockchain behavior of the two mixers.
Stolen cryptocurrency has become a principal source of hard currency for North Korea. Blockchain analytics firm Chainalysis estimates that North Korean cybercriminals stole $1.7 billion worth of cryptocurrency during 2022 - a substantial infusion of cash for a country with an assessed gross domestic product of $40 billion annually.
Sinbad has laundered close to $100 million in bitcoin from hacks attributed to North Korea's Lazarus Group, Elliptic analysis finds. Mixers are a "cornerstone" of North Korean money laundering, says Chainalysis. "Funds from hacks carried out by North Korea-linked hackers move to mixers at a much higher rate than funds stolen by other individuals or groups."
Cryptocurrency mixers pool potentially tainted funds and randomly distribute them to destination wallets in a bid to make tracing stolen cryptocurrency hard or impossible. Proponents say they can also be used to grant privacy for cryptocurrency transactions, particularly those involving sensitive matters.
Treasury also sanctioned the Tornado mixer in August for its ties to North Korean hackers (see: US Treasury Sanctions Tornado Cash, Freezes Its Assets).
Sinbad became operational in early October 2022 as a custodial mixer, meaning its operators fully control the crypto assets deposited within it.
Before Sinbad publicly launched, it received cryptocurrency from a wallet believed to be controlled by the operator of Blender, "presumable in order to test the service," Elliptic says.
Almost all of Sinbad's initial transactions - amounting to about $22 million - originated from the same suspected Blender operator wallet.