sinbad.io

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a previously favored service by North Korean hackers to obfuscate the source of their stolen funds, these actors turned to Sinbad.io and other alternatives. The shift was notable due to an 85% decline in overall volume observed in Tornado Cash usage post-sanctions in August 2022. Sinbad.io, along with cross-chain bridges, became the preferred choice for these hackers, allowing them to continue their illicit activities. However, this respite was short-lived. Sinbad.io, which had become a key tool in the arsenal of the notorious Lazarus Group, was seized by U.S. authorities in November 2023. This operation was carried out with the assistance of Dutch and Polish authorities, following a decision to blacklist the cryptocurrency mixer. Sinbad.io's seizure represented a significant blow to the operations of the Lazarus Group, who were allegedly using the service to launder assets procured through multiple crypto heists. In response to the takedown of Sinbad.io, the Lazarus Group reverted to using Tornado Cash for their operations. Despite previous sanctions, Tornado Cash has continued to operate owing to its decentralized nature, making it immune to seizures like centralized mixers such as Sinbad.io. The Lazarus Group now appears to be laundering funds at scale and obfuscating their transaction trail through Tornado Cash, reflecting the limited number of large-scale mixers currently operating due to law enforcement actions against services like Sinbad.io and Blender.io.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Sinbad
2
Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, it's effectiveness is yet
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Korean
State Sponso...
Bitcoin
Government
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Lazarus GroupUnspecified
3
The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Tornado CashUnspecified
2
Tornado Cash, a known threat actor in the cybersecurity landscape, has been under the spotlight for its illicit activities. The group is associated with various malicious intents and actions, ranging from a single person to a private company or even part of a government entity. In recent times, it h
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the sinbad.io Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
North Korean Hackers Are Attacking US Hospitals
DARKReading
8 months ago
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus
CERT-EU
a year ago
Atomic Wallet Hack: Overview And Ongoing Investigation - Hacken
CERT-EU
8 months ago
$10 million up for grabs in fight against North Korean hackers
CERT-EU
8 months ago
US authorities offer a $10M reward for info on North Korean money launderers
BankInfoSecurity
8 months ago
US Sanctions North Korean Cyber Unit After Satellite Launch
CERT-EU
a year ago
Atomic Wallet hackers turn to OFAC-sanctioned Garantex: Elliptic | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
a year ago
Meet the Creator of North Korea’s Favorite Crypto Privacy Service | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
BankInfoSecurity
8 months ago
North Korea's Supercharged State-Backed Cryptocurrency Theft
CERT-EU
8 months ago
US sanctions Sindbad crypto mixer allegedly used by North Korea’s Lazarus hackers
CERT-EU
a year ago
Meet the Creator of North Korea’s New Favorite Crypto Privacy Service
Securityaffairs
4 months ago
Lazarus APT returned to Tornado Cash to launder stolen funds
CERT-EU
4 months ago
Lazarus Group hackers appear to return to Tornado Cash for money laundering | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
4 months ago
Hackers like Lazarus continue to use Tornado Cash despite US sanctions | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting