On Wednesday, the U.S. Treasury Department imposed sanctions against Sinbad, a virtual currency mixer used by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. According to the department, Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists.
Sinbad is also used by cybercriminals to obfuscate transactions related to sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and other illicit activities on darknet marketplaces. This follows prior actions undertaken by the Treasury Department to blockade mixers such as Blender, Tornado Cash, and ChipMixer, which have been accused of providing material support to the hacking crew by laundering stolen assets.
Sinbad was created by an individual who goes by the alias “Mehdi” in September 2022 in response to the growing centralization of cryptocurrency and erosion of the privacy promises it once appeared to offer. It also emerged as a replacement for Blender and has been used to launder virtual currency plundered following the hacks of Atomic Wallet and Harmony Horizon Bridge.
Chainalysis revealed that more than one third of funds sent to Sinbad during its lifetime have come from crypto hacks. Sinbad is also used by ransomware actors, darknet markets, and scammers to facilitate illicit transactions by obfuscating their origin, destination, and counterparties.
Elliptic believes that the same individual or group is highly likely behind both Sinbad and Blender based on an examination of on-chain patterns, the way in which the two mixers operate, similarities in their websites, and their connections to Russia.
Meanwhile, Vitalii Chychasov, a 37-year-old administrator of the now-dismantled online marketplace named SSNDOB, was sentenced to eight years in federal prison in the U.S. for selling personal information. Chychasov was arrested in March 2022, while attempting to enter Hungary, and was then extradited to the U.S. in July 2022. SSNDOB was taken down in a joint operation led by the U.S., Cyprus, and Latvia in June 2022.
This development highlights the importance of monitoring dark web activities and understanding the scale of illicit activities taking place in the digital world. For more exclusive content, follow us on Twitter and LinkedIn.