Sanctioned Mixer Blender Re-Launched as Sinbad, Elliptic Says
Operators of Blender.io might have launched Sinbad after Blender was sanctioned for processing North Korean hackers’ money, blockchain intel firm said.
Feb 13, 2023 at 6:36 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/XMM65HPHEREZBGGOOEPAK7EVLM.jpg)
(Getty Images)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
Blockchain analytics company Elliptic said in a blog post on Monday that an anonymizing service for crypto transactions that was shut down last year has likely re-launched under a new name.
Wallets of Blender.io on the Bitcoin and Ethereum blockchains were put on a U.S. sanctions list in May 2022 after it turned out North Korean hacker group Lazarus used the service to launder cybercrime proceeds. The U.S. Treasury Department said Lazarus was behind the infamous Ronin hack, when $625 million worth of crypto was stolen from a blockchain bridge protocol used by the popular non-fungible token NFT game Axie Infinity.
The hackers then used cross-chain bridges and mixers to launder the proceeds of the hack, and Blender.io was among them. The mixer ceased operations in April, but Elliptic said a similar service was launched in October, which received crypto from Blender.io-linked wallets and also was used by Lazarus.
Previously, Lazarus used Blender.io and Tornado Cash, another sanctioned mixer whose developer Andrey Pertsev is now under arrest in Netherlands. Unlike Blender.io, Tornado Cash is still working, despite its addresses being on the Office of Foreign Control (OFAC) sanctions list, Elliptic said. But Blender shut down and Sinbad seems to have taken its place, the blog reads.
The North Korean hackers used Tornado Cash and Sinbad to launder the crypto they stole from Horizon, another blockchain bridge allowing users to trade assets between the Harmony blockchain and other chains. $100 million worth of crypto was stolen from Horizon in June, and part of it went to Sinbad, Elliptic said.
There are signs the same people might be behind Sinbad and Blender.io, Elliptic said. For example, before Sinbad was launched officially, its wallet received bitcoin from a wallet “believed to be controlled by the operator of Blender.” The founders might have been testing the new service, Elliptic suggested.
After Sinbad was launched, most of the incoming transactions would come from a wallet linked to Blender.io, and Sinbad operators rewarded promoters of the new mixer also from a wallet related to Blender. The two mixers had similar patterns of work, Elliptic said, and both have Russian-speaking websites and tech support teams, meaning both might have roots in Russia or Russian-speaking countries.
Disclosure
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/901d8d4c-31f9-47f3-a8de-f753715daf96.png)
Anna Baydakova was CoinDesk's investigative reporter with a special focus on Eastern Europe and Russia. Anna owns BTC and an NFT.
Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.