Feds Seize Sinbad Crypto Mixer Used by North Korea's Lazarus

Published: 23/11/2024   Category: security




The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.



In its continued effort to crack down on North Korea's most formidable state-sponsored threat group, the US government has moved against a virtual currency mixer that has served as the group's principal channel for laundering money stolen through its cybercriminal activity.
The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Sinbad.io, or just Sinbad, a crypto-mixing service that the feds said has processed millions of dollars' worth of virtual currency from crypto heists by the Lazarus Group, according to a press release from OFAC.
As a result of the action, all Sinbad property and interests in property that are in the US or in the possession or control of US persons must be blocked and reported to OFAC, and US persons are prohibited from transacting with the service. Further, anyone who engages in transactions with the service may themselves be exposed to sanctions.
Crypto mixing, a technique that pools cryptocurrency from many users so that deposits and withdrawals cannot be matched one to one, is a popular service tapped by cybercriminals to obscure the trail of illicit funds. In the case of Lazarus, the group used Sinbad to launder crypto from several malicious incidents, including the Horizon Bridge and Axie Infinity heists, the government said.
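To make concrete why pooling defeats tracing, here is an added example that is not part of the original article and uses constructed transaction data rather than real chain data. It models a handful of UTXO-style transactions and runs two standard tracing heuristics over them: a naive "follow every output" trace, and proportional ("haircut") taint. In the direct case the stolen coins land at a single deposit address with full taint; after one pooled mixer transaction the same tracer has to treat three unrelated withdrawal addresses as suspects, each carrying only a one-third share of taint. The transaction IDs and address labels are placeholders chosen for the example.

```python
"""Why pooled mixing defeats naive transaction tracing: a toy UTXO model.

Constructed sample data, not real chain data. Each transaction is a tuple
(txid, inputs, outputs): inputs are outpoints (prev_txid, output_index)
being spent; outputs are (address, amount). Lists are in chain order, so
every input refers to a transaction that appears earlier in the list.
"""
from collections import deque
from fractions import Fraction

# Case 1: stolen funds move straight to an exchange deposit address.
DIRECT_CHAIN = [
    ("t0", [], [("thief", 100)]),
    ("t1", [("t0", 0)], [("exchange_deposit", 100)]),
]

# Case 2: the thief's coins are pooled with two unrelated users' coins in a
# single mixer-built transaction, then withdrawn to fresh addresses.
MIXED_CHAIN = [
    ("t0", [], [("thief", 100)]),
    ("u1", [], [("alice", 100)]),
    ("u2", [], [("bob", 100)]),
    ("mix", [("t0", 0), ("u1", 0), ("u2", 0)],
     [("out_a", 99), ("out_b", 99), ("out_c", 99), ("mixer_fee", 3)]),
    ("w1", [("mix", 0)], [("exchange_deposit", 99)]),
    ("w2", [("mix", 1)], [("alice_fresh", 99)]),
    ("w3", [("mix", 2)], [("bob_fresh", 99)]),
]


def index_outputs(txs):
    """Map every outpoint to its (address, amount) and record which tx spends it."""
    outputs, spent_by = {}, {}
    for txid, ins, outs in txs:
        for i, out in enumerate(outs):
            outputs[(txid, i)] = out
        for op in ins:
            spent_by[op] = txid
    return outputs, spent_by


def trace_forward(txs, start):
    """Naive follow-the-money: every output of a tx that spends a tainted
    outpoint is marked tainted. Returns the addresses holding the unspent
    tainted outputs, i.e. the set a tracer would have to treat as suspects."""
    outputs, spent_by = index_outputs(txs)
    outs_of = {txid: outs for txid, _, outs in txs}
    seen, queue, endpoints = {start}, deque([start]), set()
    while queue:
        op = queue.popleft()
        if op not in spent_by:            # unspent: a terminal holder
            endpoints.add(outputs[op][0])
            continue
        spender = spent_by[op]
        for i in range(len(outs_of[spender])):
            child = (spender, i)
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return endpoints


def haircut_taint(txs, start):
    """Proportional ('haircut') taint: each output of a tx inherits the ratio
    tainted_input_value / total_input_value, fee included. Returns
    {address: taint fraction} for unspent outputs with nonzero taint."""
    outputs, spent_by = index_outputs(txs)
    taint = {start: Fraction(1)}
    for txid, ins, outs in txs:
        if not ins:
            continue
        total_in = sum(outputs[op][1] for op in ins)
        tainted_in = sum(outputs[op][1] * taint.get(op, Fraction(0)) for op in ins)
        if tainted_in == 0:
            continue
        share = tainted_in / total_in
        for i in range(len(outs)):
            taint[(txid, i)] = share
    return {outputs[op][0]: f for op, f in taint.items()
            if f > 0 and op not in spent_by}


if __name__ == "__main__":
    src = ("t0", 0)  # the thief's original output
    print("direct :", sorted(trace_forward(DIRECT_CHAIN, src)))
    print("mixed  :", sorted(trace_forward(MIXED_CHAIN, src)))
    print("haircut:", {a: str(f) for a, f in haircut_taint(MIXED_CHAIN, src).items()})
```

Real mixers add further obstacles that this toy omits: many rounds of pooling, randomised delays, and uniform output denominations, so that even the one-third shares here become tiny fractions spread over thousands of addresses. Analysts counter with clustering and timing heuristics rather than pure value tracing, which is why sanctions on the mixer itself are the lever the government reaches for.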
The prolific threat actor is well known for conducting cyberattacks on behalf of the regime of North Korea's leader, Kim Jong Un, engaging in widespread crypto theft through various intrusions, including targeting crypto engineers or using compromised systems to mine crypto, to fund government activities, among other endeavors. The US government officially sanctioned Lazarus in 2019, effectively making it a crime to do any kind of business with the group or its associates.
Other cybercriminal groups also use Sinbad to keep illegal financial activity, such as drug trafficking, purchases of child sexual abuse material, and other Dark Web transactions, away from the prying eyes of law enforcement. However, global authorities have caught on to the use of crypto mixers and are now starting to monitor and block the activity.
In March, an international law enforcement effort led by the US Department of Justice (DoJ) resulted in the shuttering of another well-known crypto-mixing service, ChipMixer. In May and earlier this month, respectively, the feds also sanctioned one crypto mixer, Blender.io (Blender), and redesignated another, Tornado Cash, both of which they said were used by Lazarus.
OFAC in April also sanctioned two over-the-counter virtual currency traders who facilitated the conversion of stolen virtual currency to fiat currency for North Korean actors associated with Lazarus.
“While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors,” said Deputy Secretary of the Treasury Wally Adeyemo, in a statement. “Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences.”
All told, Lazarus, which has been active for more than 10 years, is believed to have stolen more than $2 billion worth of digital assets across multiple cryptocurrency heists, according to the US government.
Sinbad, which operates on the Bitcoin blockchain, has been one of the primary facilitators of the movement of these funds as the group's preferred mixing service. The service, which some security experts believe is the successor to Blender, aids cybercriminal transactions by obfuscating their origin, destination, and counterparties, so that they are difficult to track.
Some of the larger sums that Lazarus has laundered through the crypto mixer include a significant portion of the proceeds of the following heists: $100 million stolen in June from customers of Atomic Wallet; $620 million stolen from Axie Infinity in March 2022; and $100 million taken from Horizon Bridge in June 2022.
Despite being sanctioned and constantly monitored by security researchers and global authorities alike, Lazarus remains undaunted and shows little sign of slowing down. Some of the group's most recent activity includes posing as Meta to deploy a complex backdoor at an aerospace organization, and luring crypto professionals with fake job postings, the latter a common tactic of the group.
There are signs that the mounting pressure has affected the group, though. Lazarus recently aligned with other North Korean state-sponsored threat actors to make them collectively harder to track. However, this collaboration also sets the stage for more aggressive and complex cyberattacks that will demand strategic defense and response on the part of targets.
