A sanctioned cryptocurrency mixer was relaunched under a different name to evade US scrutiny and has subsequently been used to clean digital money for North Korea, according to Elliptic.
The blockchain analysis company said that the Blender crypto-mixer, which was sanctioned by the US after helping Pyongyang to launder proceeds from its Axie Infinity attack, was renamed Sinbad.
After its launch in October 2022, Sinbad was first used to launder funds from the $100m heist of Horizon, and has since cleaned tens of millions in stolen crypto-cash for the hermit nation, according to Elliptic.
The firm says Sinbad shares multiple similarities with Blender, such as:
- A Bitcoin wallet used to pay people who promoted Sinbad received money from the Blender operator’s wallet
- A service address on the Sinbad website received Bitcoin from a wallet linked to the operator of Blender, in order to test the service prior to launch
- Almost all early transactions on Sinbad (around $22m) came from the suspected Blender operator’s wallet
- The specific characteristics of transactions, and use of other services to obfuscate transactions, are very similar across both mixers
- Both mixers operate with 10-digit mixer codes, guarantee letters signed by the service address and a maximum seven-day transaction delay
- The structure of both services’ websites, use of language and naming conventions are extremely similar
“Blender may have been motivated to re-brand in order to avoid sanctions, and OFAC could now seek to impose further sanctions on Sinbad,” argued Elliptic.
“It may also have done so in order to gain trust from users following Blender’s abrupt closure last year, and the disappearance of significant amounts of funds from the mixer.”
Together with another crypto-mixer, Tornado Cash, Blender is thought to have helped North Korean threat actors launder $475m from their attack on Axie Infinity – money which will likely be used to fund the country’s burgeoning weapons and nuclear programs.
A record $3.8bn was stolen from cryptocurrency firms last year, $1.7bn of which was taken by North Korean hackers, according to Chainalysis.