
Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency

Mixing services that enable cybercriminals continue to face consequences

WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Sinbad.io (Sinbad), a virtual currency mixer that serves as a key money-laundering tool of the OFAC-designated Lazarus Group, a state-sponsored cyber hacking group of the Democratic People’s Republic of Korea (DPRK). Sinbad has processed millions of dollars’ worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists. Sinbad is also used by cybercriminals to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces.

“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” said Deputy Secretary of the Treasury Wally Adeyemo. “The Treasury Department and its U.S. government partners stand ready to deploy all tools at their disposal to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities. While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.”

The Treasury Department’s designation of Sinbad builds on earlier actions to expose elements of the virtual currency ecosystem that malicious cyber actors, in particular the Lazarus Group, use to obfuscate the origins and destinations of proceeds from their illicit activities. On May 6, 2022, OFAC sanctioned Blender.io, the first ever designation of a virtual currency mixer, and on November 8, 2022, OFAC redesignated Tornado Cash, both of which provided mixing services to the Lazarus Group. On April 24, 2023, OFAC sanctioned two over-the-counter virtual currency traders who facilitated the conversion of stolen virtual currency to fiat currency for DPRK actors working with the Lazarus Group.

SINBAD: A PREFERRED MIXING SERVICE FOR DPRK CYBER ACTORS

Sinbad is responsible for materially assisting in the laundering of millions of dollars in stolen virtual currency and is a preferred mixing service for the Lazarus Group. Sinbad operates on the Bitcoin blockchain and indiscriminately facilitates illicit transactions by obfuscating their origin, destination, and counterparties. Sinbad is believed by some industry experts to be a successor to the Blender.io mixer, which OFAC designated for providing mixing services to the Lazarus Group.

Sinbad was used to launder a significant portion of the $100 million worth of virtual currency stolen on June 3, 2023, from customers of Atomic Wallet. Sinbad was also used to launder a significant portion of virtual currency from the Axie Infinity heist of approximately $620 million in March 2022, and the Horizon Bridge heist of approximately $100 million in June 2022. 

OFAC sanctioned the Lazarus Group on September 13, 2019, pursuant to Executive Order (E.O.) 13722, and identified it as an agency, instrumentality, or controlled entity of the Government of the DPRK. The Lazarus Group has operated for more than ten years and is believed to have stolen over $2 billion worth of digital assets across multiple thefts. Due to the pressure of robust U.S. and United Nations sanctions, the DPRK has resorted to using illicit tactics, such as heists perpetrated by the Lazarus Group, to generate revenue for its unlawful weapons of mass destruction and ballistic missile programs. 

Sinbad is being designated pursuant to E.O. 13694, as amended by E.O. 13757, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain, and pursuant to E.O. 13722 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the Government of the DPRK, a person whose property and interests in property are blocked pursuant to E.O. 13722.

SANCTIONS IMPLICATIONS

As a result of today’s action, all property and interests in property of the entity described above that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of a blocked or designated entity.

In addition, persons that engage in certain transactions with the entity designated today may themselves be exposed to sanctions.

The power and integrity of sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons (SDN) List but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish but to bring about a positive change in behavior. For information concerning the process for seeking removal from an OFAC list, including the SDN List, please refer to OFAC’s Frequently Asked Question 897 here. For detailed information on the process to submit a request for removal from an OFAC sanctions list, please click here.

For more information on the entity designated today, click here.

To report a cyber-crime, contact the Federal Bureau of Investigation’s Internet Crime Complaint Center.

For the U.S. government’s 2020 DPRK Cyber Threat Advisory, click here.

For information on complying with virtual currency-related sanctions, see OFAC’s Sanctions Compliance Guidance for the Virtual Currency Industry and OFAC’s FAQs on virtual currency.

 

###

Official news published at https://home.treasury.gov/news/press-releases/jy1933
