In the cryptocurrency economy, there’s often a fine line between financial privacy and money laundering. Now one Bitcoin “mixer” service called Sinbad.io is walking that tightrope in full public view: Just a few months after launching on the open web, it appears to have already become the preferred money-laundering outlet for the world’s most prolific state-sponsored crypto thieves.
In a portion of its annual crime report published last week, blockchain analysis firm Chainalysis noted that Sinbad—which, like other mixer services, offers to foil cryptocurrency tracing efforts by taking in users’ cryptocurrency, mixing their coins with other those of other users, and returning the same amount—had received $25 million in stolen cryptocurrency from North Korean hackers in just December and January, more than any other mixing service had received.
Those funds, according to Chainalysis, include portions of the thieves’ proceeds from massive heists that targeted the Harmony Bridge service, from which the North Koreans stole roughly $100 million, as well as the Ronin Bridge service, from which the hackers stole a staggering $650 million. Chainalysis’ vice president of investigations, Erin Plante, says North Korea’s crypto-stealing cybercriminals began funneling their profits bit by bit through Sinbad almost immediately after the mixer’s October launch, in the hopes of obscuring their loot’s origin before cashing it out at an exchange. Sinbad “hit the radar for North Korea quickly,” Plante says, “and it’s become their favorite.”
That’s put the new service in an awkward position: Just weeks after its debut, Sinbad became a tool that operates publicly—with a traditional website running in the open in addition to a dark-web site running on the anonymity network Tor—and yet some of its earliest, most high-volume users also happen to be the crypto world’s most notorious cybercriminals. North Korean hackers, according to Chainalysis’s findings, stole no less than $1.7 billion in cryptocurrency last year, helping to make the year the worst on record for total crypto thefts.
Sinbad’s’s founder, meanwhile, argues in an email interview with WIRED that the service has no reason to hide. “Sinbad is present in clearnet because it doesn’t do anything bad,” writes the service’s creator and administrator, who asked to be called “Mehdi,” using the term “clearnet” to mean a website not hidden on the Tor network.
“I am against total surveillance, control over internet users, against autocracies and dictatorships,” Mehdi adds. “Every living person has the right to privacy.”
Mehdi, who declined to reveal his real name or where he or Sinbad are based, says that he created Sinbad as a response to the growing centralization of cryptocurrency and the erosion of the privacy promises it once appeared to offer. He named his mixer service after the fictional Middle Eastern sailor who, as Mehdi puts it, “traded goods all around the world.” Mehdi describes Sinbad as a legitimate privacy-preserving technology project, comparing it to privacy-focused cryptocurrencies like Monero or Zcash, anonymity-enhancing crypto wallet software like Wasabi, and the Tor browser, which encrypts user traffic and routes it through multiple servers to hide people’s identities.