U.S. Treasury Department Imposes Sanctions on Sinbad, a Virtual Currency Mixer Linked to North Korean Hackers

Sinbad, a virtual currency mixer, has been sanctioned by the U.S. Treasury Department for its involvement in laundering ill-gotten proceeds for the North Korea-linked Lazarus Group.

The U.S. Treasury Department has taken action against Sinbad, a virtual currency mixer that has been used by the Lazarus Group, a North Korea-linked hacking group, to launder stolen funds. The department stated that Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists. Additionally, Sinbad has been utilized by cybercriminals for various illicit activities such as sanctions evasion, drug trafficking, and the purchase of child sexual abuse materials. This move follows previous actions taken by governments to crack down on mixers accused of supporting hackers by laundering stolen assets.

Sinbad’s Role in Money Laundering and Illicit Activities

Sinbad, created by an individual known as “Mehdi” in September 2022, claimed to be a legitimate privacy-preserving initiative. Mehdi stated that Sinbad was launched as a response to the increasing centralization of cryptocurrency and the erosion of privacy promises. However, investigations have revealed that Sinbad has been used by the Lazarus Group to launder virtual currency obtained through hacks of platforms such as Atomic Wallet and Harmony Horizon Bridge. Chainalysis reported that over one third of the funds sent to Sinbad during its existence came from crypto hacks. After the takedown of other mixers like Tornado Cash and Blender.io, Sinbad became the preferred choice for North Korean hacking activities.

Sinbad’s Connection to Ransomware, Darknet Markets, and Scammers

Sinbad has also been utilized by ransomware actors, darknet markets, and scammers to facilitate illicit transactions. By obfuscating the origin, destination, and counterparties of transactions, Sinbad has enabled these actors to carry out their illegal activities. Blockchain analytics firm Elliptic has found evidence suggesting that the same individual or group is likely behind both Sinbad and Blender, another mixer. Similarities in on-chain patterns, operational methods, website design, and connections to Russia have led to this conclusion. Elliptic’s analysis revealed that a Bitcoin wallet associated with the suspected operator of Blender sent funds to a “service” address on the Sinbad website before its public launch. Additionally, the Bitcoin wallet used to pay individuals who promoted Sinbad received funds from the suspected Blender operator wallet.

Recent Conviction of SSNDOB Administrator

In a related development, Vitalii Chychasov, the administrator of the now-dismantled online marketplace SSNDOB, has been sentenced to eight years in federal prison in the United States. Chychasov, a Ukrainian national, was arrested in March 2022 while attempting to enter Hungary and was subsequently extradited to the U.S. in July 2022. SSNDOB was taken down in a joint operation led by the U.S., Cyprus, and Latvia in June 2022. Chychasov was found guilty of selling personal information, including names, dates of birth, and Social Security numbers.


The U.S. Treasury Department’s imposition of sanctions on Sinbad, a virtual currency mixer, underscores the growing concern over the use of such platforms to launder stolen funds. Sinbad’s involvement in laundering ill-gotten proceeds for the Lazarus Group, as well as its use by ransomware actors, darknet markets, and scammers, highlights the need for increased regulation and oversight in the cryptocurrency space. The recent conviction of the SSNDOB administrator further emphasizes the ongoing efforts to dismantle online marketplaces involved in illegal activities. As authorities continue to crack down on these illicit operations, it remains crucial for individuals and organizations to exercise caution and adopt robust security measures when engaging with virtual currencies.






Leave a Reply

Your email address will not be published. Required fields are marked *