A cryptocurrency mixer used by the North Korean hacker organization Lazarus Group was sanctioned on Wednesday by the U.S. Department of the Treasury’s Office of Foreign Assets Control.
OFAC claims Sinbad.io, or Sinbad, was used to launder hundreds of millions of dollars connected to high-profile hacks executed by the Lazarus Group, including attacks on customers of the Horizon Bridge and the play-to-earn game Axie Infinity. The Axie hack alone netted about $620 million in March 2022.
Sinbad was heavily used by Lazarus Group, but also by other malicious actors, to hide the origin and destination of blockchain transactions, OFAC said in a statement. Some of the transactions Sinbad helped obfuscate, according to OFAC, were tied to sanctions evasion, drug trafficking, and the purchase of child sexual abuse materials.
It is now illegal for U.S. citizens to use Sinbad, and all property tied to the mixer must be reported to OFAC. Individuals still conducting certain transactions with Sinbad also could be sanctioned.
“Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences,” Deputy Secretary of the Treasury Wally Adeyemo said in the statement.
Sinbad joins Blender.io and Tornado Cash as mixers to have been sanctioned by the U.S. over the past 18 months. OFAC’s sanctioning of Tornado Cash last year came after the service initially tried to meet the government’s requirements and block addresses tied to Lazarus from its website. It was still sanctioned, drawing the ire of many within the crypto industry, who claimed the government was taking away crypto users’ right to privacy.
"While we encourage responsible innovation in the digital asset ecosystem," Adeyemo added, "we will not hesitate to take action against illicit actors."