A cryptocurrency service that North Korean hackers used to launder stolen funds and that was sanctioned by the U.S. Department of the Treasury appears to have resumed service under a new name.
Federal regulators in May prohibited U.S. persons from transacting with Blender after determining that North Korean hackers had used it to funnel millions’ worth of illicit proceeds. Blender ceased operations in April.
Blockchain analysis firm Elliptic says the new mixer “Sinbad” is likely a revival of Blender. The firm points to strong similarities between the website structures, Russian-language support, links with a digital wallet used by Blender’s operators, and blockchain behavior of the two mixers.
Stolen cryptocurrency has become a principal source of hard currency for North Korea. Blockchain analytics firm Chainalysis estimates that North Korean cybercriminals stole $1.7 billion worth of cryptocurrency during 2022 – a substantial infusion of cash for a country with an assessed gross domestic product of $40 billion annually.
Sinbad has laundered close to $100 million in bitcoin from hacks attributed to North Korea’s Lazarus Group, Elliptic analysis finds. Mixers are a “cornerstone” of North Korean money laundering, says Chainalysis. “Funds from hacks carried out by North Korea-linked hackers move to mixers at a much higher rate than funds stolen by other individuals or groups.”