In a significant move to combat cyber-enabled criminal activities, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on virtual currency mixer Sinbad.io identified as a critical money-laundering tool for the Lazarus Group.
The Lazarus Group, a state-sponsored cyber hacking group associated with the Democratic People’s Republic of Korea (DPRK), has been a longstanding concern for the U.S. government.
About Virtual Currency Mixer Sinbad.io
Sinbad.io, operating on the Bitcoin blockchain, has played a pivotal role in laundering millions of dollars in stolen virtual currency, particularly from Lazarus Group heists such as the Horizon Bridge and Axie Infinity incidents.
The virtual currency mixer Sinbad.io is also utilized by cybercriminals to obscure transactions linked to various illicit activities, including sanctions evasion, drug trafficking, and the purchase of illegal materials.
Deputy Secretary of the Treasury, Wally Adeyemo, emphasized that mixing services aiding criminal actors like the Lazarus Group will face severe consequences.
“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo in a press statement.
“The Treasury Department and its U.S. government partners stand ready to deploy all tools at their disposal to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities. While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors,” added further.
This action builds upon previous efforts by OFAC to expose elements of the virtual currency ecosystem used by malicious cyber actors. Earlier designations targeted Blender.io and Tornado Cash, both providing mixing services to the Lazarus Group.
Additionally, two over-the-counter virtual currency traders were sanctioned for facilitating the conversion of stolen virtual currency to fiat currency for DPRK actors affiliated with the Lazarus Group.
Sinbad.io, identified as a preferred mixing service for the Lazarus Group, has been implicated in laundering a significant portion of stolen virtual currency, including funds from the Atomic Wallet heist and the Axie Infinity and Horizon Bridge heists.
The Lazarus Group, sanctioned by OFAC in 2019, is known to have operated for over a decade, stealing over US$2 billion in digital assets through various cyber thefts.
Implications and Enforcement of Sanctions
The sanctions against Sinbad.io, pursuant to Executive Order (E.O.) 13694 and E.O. 13722, aim to prevent the facilitation of cyber-enabled activities posing a threat to U.S. national security and economic health.
As a result of this action, all property and interests in the property of Sinbad.io within the U.S. or under the control of U.S. persons must be blocked and reported to OFAC. Individuals engaging in transactions with Sinbad.io may also face sanctions.
The move highlights the U.S. government’s commitment to leveraging all tools available to combat illicit activities in the digital asset ecosystem while encouraging responsible innovation. The ultimate goal of such sanctions is not only to punish but to bring about positive changes in behavior and promote cybersecurity.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.