As law enforcement agencies are tightening their grip on illegitimate crypto transactions, hackers resort to using new cryptocurrency laundering techniques to evade detection. Recently, the North Korean hacking group Lazarus has been discovered using a new mixer to hide $100 million in stolen crypto.
In the past, Lazarus had used cryptocurrency mixing services such as Tornado Cash and Blender (custodial-based) to launder close to $500 million in illicitly obtained cryptocurrency.
Lazarus’s strategy
Elliptic researchers found that Blender’s operators launched a new custodial-based service named Sinbad in early October 2022.
As a custodial-based tool, its operators have full control over the crypto assets deposited within it.
Lazarus stole $100 million in crypto assets from a cross-chain bridge named Horizon in June 2022 and, in due course, used Tornado Cash in combination with Sinbad to launder the assets as a way around the sanctions.
Sinbad has been used to pass tens of millions of dollars from Horizon and other North Korea-linked hacks to date.
Last year, the U.S. Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against these mixing services. Since then, it is suspected that Lazarus has shifted to the new mixer service to launder its funds.
Sinbad’s link with Blender
Experts have high confidence that Blender’s operators are behind Sinbad, or that Blender has been re-launched as Sinbad. Blockchain transactions reveal a link between the two mixers.
The two mixers show similar on-chain behavior patterns, including specific transaction characteristics and the use of other services to obfuscate transactions.
Other features such as ten-digit mixer codes, guarantee letters signed by the service address, and a maximum seven-day transaction delay are identical in both mixers.
Other commonalities include similar websites, naming conventions, and language. Further, Russian-language support and websites indicate a connection with Russia.
Conclusion
Although OFAC imposed sanctions on mixers used by the Lazarus group, the group switched to a new mixer in no time. Although Sinbad is a new mixer, its type and its similarities with Blender increase cybercriminals’ trust in it. Because a prominent hacking group is using it, many other hackers are expected to start using this tool soon to launder the cryptocurrency proceeds from their heists and conceal blockchain trails.