Feds seize Sinbad crypto mixer allegedly used by North Korean hackers

As part of an international law enforcement investigation, the FBI and the Dutch Financial Intelligence and Investigation Service have seized the websites of a crypto mixer that was allegedly used by North Korean hackers and several cybercriminals to launder stolen funds and obfuscate transactions.

On Wednesday, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the government’s department that administers and enforces sanctions against foreign people and organizations, announced that it had sanctioned Sinbad, a Bitcoin mixer that “serves as a key money-laundering tool” for the Lazarus Group, a prolific hacking group widely believed to be working for the North Korean government.

OFAC said in a statement that the Sinbad crypto mixer processed “millions of dollars’ worth of virtual currency from Lazarus Group heists,” including part of the proceeds from the massive 2022 hacks of Horizon Bridge and Axie Infinity, which resulted in $100 million and $625 million, respectively.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” U.S. Deputy Secretary of the Treasury Wally Adeyemo was quoted as saying in the press release. “The Treasury Department and its U.S. government partners stand ready to deploy all tools at their disposal to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities. While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.”

The FBI did not immediately respond to a request for comment. A spokesperson for the Department of Justice declined to comment.

Cryptocurrency monitoring firm Elliptic previously said that the Lazarus Group was laundering the crypto they stole from Atomic Wallet on Sinbad. Atomic Wallet is a decentralized wallet, which said in June that around 50,000 of its customers had cryptocurrency stolen in a hack, resulting in an overall loss of $35 million.

Tom Robinson, the chief scientist and co-founder of Elliptic, told TechCrunch that Sinbad was used to launder funds stolen in the hacks of Stake.com ($41 million), CoinEx ($70 million), FTX ($477 million), BadgerDAO ($120 million) and others.

Sinbad websites began displaying an FBI seizure notice on Wednesday.

In February, the founder of Sinbad, who asked to be named Mehdi, told Wired that, "Sinbad is present in clearnet because it doesn’t do anything bad."

According to Bleeping Computer, Sinbad's dark web site is also no longer operational.

Sinbad is the latest in a growing list of crypto mixers that have been sanctioned by the U.S. government, including Tornado Cash and Blender.io. In its press release, OFAC said Sinbad "indiscriminately facilitates illicit transactions."