Blender, the cryptocurrency mixer sanctioned by the United States Department of the Treasury’s Office of Foreign Assets Control in May, was “highly likely” relaunched as Sinbad, according to risk management firm Elliptic.
In a Feb. 13 report, Elliptic said its analysis of Sinbad indicated that the crypto mixer was likely a rebrand of Blender as well as having “the same individual or group responsible for it.” According to the firm, Sinbad was behind the laundering of roughly $100 million in Bitcoin (BTC) for North Korea’s hacking group Lazarus.
Elliptic said that after U.S. authorities cracked down on crypto mixers — as OFAC did with Tornado Cash in August and Blender in May — Lazarus hackers used Sinbad to launder some of the funds from the $100-million attack on Horizon Bridge in January. Blockchain analysis of wallets tied to a suspected Blender operator also showed $22 million in crypto going to Sinbad and other funds sent to individuals who promoted the mixer.
“The on-chain pattern of behavior is very similar for both mixers, including the specific characteristics of transactions, and the use of other services to obfuscate their transactions,” said Elliptic. “The way in which the Sinbad mixer operates is identical to Blender in several ways, including ten-digit mixer codes, guarantee letters signed by the service address, and a maximum seven-day transaction delay.”
Elliptic speculated that the individuals behind Sinbad may have rebranded to “gain trust from users” following Blender shutting down, adding that OFAC could consider ordering sanctions on the crypto mixer. The U.S. Treasury Department is already facing lawsuits for its sanctions on Tornado Cash.
Lazarus has allegedly been responsible for several major attacks in the crypto space, including a $620-million hack of Axie Infinity’s Ronin Bridge in March. South Korea’s government has also imposed its own sanctions against North Korean entities tied to the theft of cryptocurrency.