Sinbad

Tool updated 2 months ago (2024-08-14T17:50:16.133Z)

Download STIX

Preview STIX

Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, it's effectiveness is yet to be determined in comparison to other established services like Tornado Cash. The link between the Sinbad mixer and the Atomic Wallet, as identified by Elliptic, suggests the involvement of Lazarus Group, a notorious North Korean hacking team known for their cyber heists. The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sinbad, along with other crypto-mixing services such as Tornado Cash and Blender.io, which were reportedly used by North Korean hacking groups to launder funds stolen in multiple hacks including those of Atomic Wallet, Axie Infinity, Nomad, and Horizon. The Lazarus Group has allegedly used Sinbad to process millions of dollars worth of virtual currency from these crypto heists. Furthermore, researchers have noted that the stolen assets are being laundered using specific services, including Sinbad, which have also been used to launder proceeds from past hacks perpetrated by the Lazarus Group. However, in November, US authorities seized Sinbad, forcing the Lazarus Group to shift back to using Tornado Cash. This action was followed by an increase in the use of another mixer, YoMix, after the takedown of Sinbad. It is believed that the Lazarus Group is using this Bitcoin mixer to launder funds, with inflows growing more than five-fold in 2023. Despite these measures, the trail of $54 million of Bitcoin sent to the Sinbad mixer has gone cold, according to Elliptic.

Description last updated: 2024-03-21T23:15:35.296Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lazarus Group is a possible alias for Sinbad. The Lazarus Group, also known as Hidden Cobra and Guardians of Peace, is a notorious threat actor attributed to North Korea. Their activities date back several years, with significant exploits including the "FASTCash" ATM cash-out scheme warned about by the US-CERT in October 2018. More recently, th	4
Blender is a possible alias for Sinbad. Blender, a renowned threat actor known for its involvement in the cybersecurity landscape, has recently been under scrutiny due to its alleged role in facilitating illegal transactions. Last year, the US imposed sanctions on crypto mixers Tornado Cash and Blender, targeting them as part of a broader	3
sinbad.io is a possible alias for Sinbad. Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a previously favored service by North Korean hackers to obfusca	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Bitcoin

Blender

Tornado Cash

Chainalysis

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Sinbad Tool was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	North Korean Hackers Looted Over $600,000,000 in Crypto in 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker
CERT-EU	10 months ago	A Digital Asset Pilferage of Over $500 Million in 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker
BankInfoSecurity	7 months ago	Cryptohack Roundup: Ray Eviscerates Bankman-Fried
CERT-EU	7 months ago	Lazarus Group hackers appear to return to Tornado Cash for money laundering \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	7 months ago	North Korean hackers are laundering millions worth of crypto through a sanctioned 'mixer'
CERT-EU	7 months ago	Lazarus Group taps Tornado Cash to launder Heco Bridge, HTX hack proceeds \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	7 months ago	North Korean Hackers Used Tornado Cash to Launder $12M From Heco Bridge Hack: Elliptic \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
InfoSecurity-magazine	8 months ago	Crypto-Money Laundering Records 30% Annual Decline
CERT-EU	a year ago	North Korea shows off surveillance satellite
CERT-EU	a year ago	FTX Thief Cashes Out Millions During Bankman-Fried Trial - Slashdot
DARKReading	a year ago	Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus
CERT-EU	a year ago	FTX thief cashes out millions during Bankman-Fried trial
InfoSecurity-magazine	2 years ago	Record $3.8bn Stolen Via Crypto in 2022
CERT-EU	a year ago	Tornado Cash 'laundered over $1B' in criminal cryptocurrency
CERT-EU	a year ago	North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks
CERT-EU	2 years ago	Inside the international sting operation to catch North Korean crypto hackers
CERT-EU	a year ago	North Korea's Lazarus Group linked to Atomic Wallet heist
CERT-EU	10 months ago	North Korean crypto hackers raided $600m in 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Over $3M worth of crypto amassed by North Korean hackers
CERT-EU	a year ago	North Korean hackers have pilfered $3B of crypto over past six years: Report \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting