The U.S. Department of the Treasury’s Office of Foreign Assets (OFAC) issued a statement yesterday stating that they had sanctioned a crypto-currency mixing service which has processed millions of dollars’ worth of cryptocurrency stolen by the North Korean Lazarus group.
The service – sinbad.io – was a mixing service that enabled criminal entities the ability to randomise stolen cryptocurrencies through multiple digital wallets in an attempt to obfuscate where the monies end up.
Sinbad.io was a widely used service by many cyber criminals, and was a preferred mixing service for the Lazarus Group, operating on the Bitcoin blockchain. The service indiscriminately facilitated illicit transactions by obfuscating their origin, destination, and counterparties. Sinbad is believed by some i to be a successor to the Blender.io mixer, which OFAC designated for providing mixing services to the Lazarus Group.
Investigations in to the service identified that Sinbad was used to launder a significant portion of the $100 million worth of virtual currency stolen on the 3rd of June 2023, from customers of Atomic Wallet.
Sinbad was also used to launder a significant portion of virtual currency from the Axie Infinity heist of approximately $620 million in March 2022, and the Horizon Bridge heist of approximately $100 million in June 2022.
The OFAC statement said that OFAC sanctioned the Lazarus Group on September 13, 2019, pursuant to Executive Order (E.O.) 13722, and identified it as an agency, instrumentality, or controlled entity of the Government of the DPRK. The Lazarus Group has operated for more than ten years and is believed to have stolen over $2 billion worth of digital assets across multiple thefts.
Lazarus Group
Lazarus group (A.K.A. Guardians of Peace & WhoisTeam is a cyber criminal group of individuals who are under the direct control of the North Korean government.
Active since 2014, the Lazarus group is widely suspected to be a wide spread group of hackers who are often tracked by other names such as Nickel Gladstone, Beagleboyz, Bluenorff, Stardust Chollima, and APT38. It could be that all the mentioned groups are the same individuals, but it is more likely thatthey are one team of individuals with different specialisms / targets
In 2017, analysts at Kaspersky labs reported that Lazarus group tended to concentrate on spying and infiltration attacks whereas a sub-group within their organisation (Bluenoroff) specialised in financial cyber attacks.
Regardless of whether Lazarus is one collective, or a set of smaller hacking teams, they have been responsible for some of the biggest attacks on the Internet, including attacks against Sony Pictures (as retaliation for the film “The Interview”, an attack against the bank of Bangladesh which attempted to transfer $1B USD from the Federal Bank of New York, and the Wannacry attack which caused global issues, and seriously affected the NHS taking huge portions of the health network offline.
The attacks on various crypto currency, and traditional financial services worldwide have netted the gang billions:
- 2015
- Guatemalan Financial Institution Theft – $16 million stolen
- 2016
- Bangladesh Bank SWIFT – Attempted to steal $1 Billion – succesfully stole $81 million
- Standard Bank Theft – $19 stolen
- Nigerian Bank Attempted SWIFT Heist – $100 million stolen, but recovered
- Union Bank of India Attempted SWIFT Heist – $170 stolen, but recovered
- 2017
- BitHumb Crypto Heist #1 – $7 million stolen
- YouBit Crypto Heist – $5.6 million stolen
- BitHumb Crypto Heist #2 – $7 million stolen
- South Korean Monero Cryptojacking – $25,000 stolen
- Coinis Crypto Heist – $2.19 million stolen
- Tunisian Financial Institution Attempted Theft – $60 million attempted theft
- Far Eastern International Bank – $14 million stolen
- Youbit Hacked – 17% of assets stolen (full amount unknown) – caused Youbit to seek bankruptcy
- NiceHash Crypto Heist – $70 million stolen
- 2018
- Bancomext Attempted SWIFT Heist – $110 million stolen, but recovered
- Coincheck Crypto Heist – $534 million stolen
- City Union Bank SWIFT Attack – $1 million stolen
- Malaysian Central Bank Attempted SWIFT Heist – Attempt to steal $390 million stopped
- Banco de Chile – $10 million stolen
- Liberian Financial Institution – Attempt to steal $32 million stopped
- BitHumb Crypto Heist #3 – $31 million stolen
- Cosmos Bank SWIFT Heist – $13.5 million stolen
- 2019
- Spanish Financial Institution Attempted Theft – Attempt to steal $32 million stopped
- Nigerian Financial Institution Attempted Theft – Attempt to steal $12.2 million stopped
- Gambian Financial Institution Attempted Theft – Attempt to steal $9.3 million stopped
- DragonEx Crypto Heist – $7 million stolen
- Kuwait Bank Theft – $49 million stolen
- BitHumb Crypto Heist #4 – $20 million stolen
- 2022
- Ronin cryptocurrency theft – $615 million stolen
