US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group


According to the US government, Sinbad.io provided its services to the Lazarus group to launder money stolen from numerous data breaches, including those affecting Horizon Bridge, Axie Infinity, and Atomic Wallet.

The official domain of Sinbad.io, a popular Bitcoin “mixer” service has been seized by the United States government. The reason to seize the service given by the US Treasury is that the service apparently, was involved in laundering millions of dollars stolen by North Korean state-based notorious Lazarus group.

Those visiting Sinbad.io can now encounter a homepage uploaded by the government of the United States, announcing the following:

This service has been seized as part of a coordinated law-enforcement action between the Federal Bureau of Investigation, the Financial Intelligence and Investigation Service (FIOD), and the National Bureau of Investigation taken against the Sinbad.io cryptocurrency mixing service. The Federal Bureau of Investigation has seized the service in accordance with a seizure warrant pursuant to 18 U.S.C. 55 981 and 982 as part of a coordinated international law-enforcement operation.

In a press release dated November 29, 2023, the Treasury accused Sinbad.io of processing hundreds of millions of dollars worth of cryptocurrency obtained from various sources. These sources reportedly include large-scale data breaches, notably the $100 million hack affecting Horizon Bridge in June 2022, the $620 million from the Axie Infinity hack in March 2022, and the impact on customers of Atomic Wallet in June 2023.

What Sinbad.io’s homepage shows to visitors (Image credit: Hackread.com)

The US government further claimed that Sinbad.io is not only used for financial crimes but is also a tool employed by cybercriminals for “obfuscating transactions” associated with activities such as sanctions evasion, drug trafficking, purchasing child sexual abuse materials, and other illicit sales on dark web marketplaces.

The Lazarus group, operating under the control of the Democratic People’s Republic of Korea (DPRK), is infamous for its hacking activities. The US alleges that Sinbad.io serves as a “key money-laundering tool” for the already-sanctioned Lazarus group, which is believed to have stolen a staggering $2 billion worth of digital assets over its operational history.

According to the Q3 2023 Crypto Losses Report by Immunefi, a blockchain cybersecurity firm, the cryptocurrency industry incurred a loss of $685.5 million, marking the highest quarterly loss for the year.

The two largest exploits of the quarter were on Mixin Network and Multichain, which together accounted for 47.5% of all losses. The Lazarus Group, a North Korean state-sponsored hacking group, was responsible for $208.6 million in stolen funds, representing 30% of the total losses.

As for Sinbad.io, it operates on the Bitcoin blockchain and is considered by experts to be a successor to the previously sanctioned crypto mixer, Blender.io. The Office of Foreign Assets Control (OFAC) sanctioned Blender.io on May 6, 2022.

However, ddespite authorities shutting down the original Sinbad.io address, a mirrored site surfaced, registered in Moscow on November 18. A Google search for the original Sinbad.io now shows a copycat site, 1sinbadgo.com, as the second result. Notably, the copycat site, which also boasts a .Onion domain, claims to provide identical services to the original seized domain.

US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group
(Image credit: Hackread.com)

Nevertheless, the sanctions imposed by the US require the blocking and reporting of “all property and interests in property” belonging to Sinbad.io that are within the United States or under the possession or control of US persons, according to the press release.

  1. Lazarus Group uses KandyKorn macOS malware for crypto theft
  2. Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm
  3. Lazarus-Linked BlueNoroff APT Hits macOS with ObjCShellz Malware
  4. N. Korean Lazarus Group Suspected in $37.3M CoinsPaid Crypto Heist
  5. Hackers Used Fake LinkedIn Job Offer to Hack Off $625M from Axie Infinity





Source link