Sanctioned Mixer Blender Re-Launched as Sinbad, Elliptic Says
Operators of Blender.io might have launched Sinbad after Blender was sanctioned for processing North Korean hackers’ money, blockchain intel firm said.
Feb 13, 2023 at 6:36 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/XMM65HPHEREZBGGOOEPAK7EVLM.jpg)
(Getty Images)
Blockchain analytics company Elliptic said in a blog post on Monday that an anonymizing service for crypto transactions that was shut down last year has likely re-launched under a new name.
Wallets of Blender.io on the Bitcoin and Ethereum blockchains were put on a U.S. sanctions list in May 2022 after it turned out North Korean hacker group Lazarus used the service to launder cybercrime proceeds. The U.S. Treasury Department said Lazarus was behind the infamous Ronin hack, when $625 million worth of crypto was stolen from a blockchain bridge protocol used by the popular non-fungible token NFT game Axie Infinity.
The hackers then used cross-chain bridges and mixers to launder the proceeds of the hack, and Blender.io was among them. The mixer ceased operations in April, but Elliptic said a similar service was launched in October, which received crypto from Blender.io-linked wallets and also was used by Lazarus.
Previously, Lazarus used Blender.io and Tornado Cash, another sanctioned mixer whose developer Andrey Pertsev is now under arrest in Netherlands. Unlike Blender.io, Tornado Cash is still working, despite its addresses being on the Office of Foreign Control (OFAC) sanctions list, Elliptic said. But Blender shut down and Sinbad seems to have taken its place, the blog reads.
The North Korean hackers used Tornado Cash and Sinbad to launder the crypto they stole from Horizon, another blockchain bridge allowing users to trade assets between the Harmony blockchain and other chains. $100 million worth of crypto was stolen from Horizon in June, and part of it went to Sinbad, Elliptic said.
There are signs the same people might be behind Sinbad and Blender.io, Elliptic said. For example, before Sinbad was launched officially, its wallet received bitcoin from a wallet “believed to be controlled by the operator of Blender.” The founders might have been testing the new service, Elliptic suggested.
After Sinbad was launched, most of the incoming transactions would come from a wallet linked to Blender.io, and Sinbad operators rewarded promoters of the new mixer also from a wallet related to Blender. The two mixers had similar patterns of work, Elliptic said, and both have Russian-speaking websites and tech support teams, meaning both might have roots in Russia or Russian-speaking countries.
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
:format(webp)/www.coindesk.com/resizer/Kp7K_kPq5E-t22ZbSPqw4PxH5hQ=/arc-photo-coindesk/arc2-prod/public/PG6NFPSFJVA5ZFDD46E343XSR4.png)
Anna Baydakova is an investigative reporter with a special focus on Eastern Europe and Russia. Anna owns BTC and an NFT.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.