Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime

Sanctioned Crypto Mixer Blender Reappears Under New Name

'Sinbad' Is Likely Run by Operators of Blender and Links to the Same Digital Wallet
Sanctioned Crypto Mixer Blender Reappears Under New Name
Image: Shutterstock

A cryptocurrency service that North Korean hackers used to launder stolen funds and that was sanctioned by the U.S. Department of the Treasury appears to have resumed service under a new name.

Federal regulators in May prohibited U.S. persons from transacting with Blender after determining that North Korean hackers had used it to funnel millions' worth of illicit proceeds. Blender ceased operations in April.

Blockchain analysis firm Elliptic says the new mixer "Sinbad" is likely a revival of Blender. The firm points to strong similarities between the website structures, Russian-language support, links with a digital wallet used by Blender's operators, and blockchain behavior of the two mixers.

Stolen cryptocurrency has become a principal source of hard currency for North Korea. Blockchain analytics firm Chainalysis estimates that North Korean cybercriminals stole $1.7 billion worth of cryptocurrency during 2022 - a substantial infusion of cash for a country with an assessed gross domestic product of $40 billion annually.

Sinbad has laundered close to $100 million in bitcoin from hacks attributed to North Korea's Lazarus Group, Elliptic analysis finds. Mixers are a "cornerstone" of North Korean money laundering, says Chainalysis. "Funds from hacks carried out by North Korea-linked hackers move to mixers at a much higher rate than funds stolen by other individuals or groups."

Cryptocurrency mixers pool potentially tainted funds and randomly distribute them to destination wallets in a bid to make tracing stolen cryptocurrency hard or impossible. Proponents say they can also be used to grant privacy for cryptocurrency transactions, particularly those involving sensitive matters.

Treasury also sanctioned the Tornado mixer in August for its ties to North Korean hackers (see: US Treasury Sanctions Tornado Cash, Freezes Its Assets).

Sinbad became operational in early October 2022 as a custodial mixer, meaning its operators fully control the crypto assets deposited within it.

Before Sinbad publicly launched, it received cryptocurrency from a wallet believed to be controlled by the operator of Blender, "presumable in order to test the service," Elliptic says.

Almost all of Sinbad's initial transactions - amounting to about $22 million - originated from the same suspected Blender operator wallet.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.