ClickCease US Sanctions Sinbad Mixer: Disrupting Threats Unveiled

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

US Sanctions Sinbad Mixer: Disrupting Threats Unveiled

Wajahat Raja

December 14, 2023 - TuxCare expert team

The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It’s a virtual currency mixer utilized by the North Korea-linked Lazarus Group to launder funds obtained through various heists. This move aims to curb the nefarious activities associated with Sinbad, which has processed millions of dollars in virtual currency. The amount has been linked to Lazarus Group heists, including notable incidents like the Horizon Bridge and Axie Infinity heists. In this blog, we’ll delve into the details of the US Sanctions Sinbad Mixer including the impact and the risks associated.


Threat Actors Using Sinbad Mixer

In response to Sinbad’s involvement in money laundering activities, the U.S. Treasury Department not only imposed sanctions but also seized the mixer’s website,
tracking threat actors in cyberspace. This coordinated law enforcement effort involved agencies from the U.S., Finland, and the Netherlands. The sanctions target Sinbad’s role in facilitating transactions related to sanctions evasion, drug trafficking, the purchase of illegal materials, and additional illicit sales on darknet marketplaces.

Global Crackdown on Mixers

The actions against Sinbad align with previous efforts by European and U.S. governments to crack down on virtual currency mixers accused of providing
“material support” to hacking groups. Mixers such as Blender, Tornado Cash, and ChipMixer faced similar measures, reinforcing the commitment to disrupt money laundering services supporting cyber criminals.

US Sanctions Sinbad Mixer’s Origin and Purpose

Created in
September 2022 by an individual using the alias “Mehdi,” Sinbad claimed to be a legitimate privacy-preserving initiative. The creator stated that it was launched in response to the increasing centralization of cryptocurrency and the erosion of privacy promises initially associated with it. Despite these claims, Sinbad emerged as a replacement for Blender, with the Lazarus Group utilizing it to launder virtual currency acquired through the hacks of Atomic Wallet and Harmony Horizon Bridge. 

Financial Impact and Connections

Blockchain analytics firm Elliptic revealed that over one-third of funds sent to Sinbad originated from crypto hacks, making it a preferred choice for DPRK-based hacking activities after the takedown of Tornado Cash and Sinbad’s connection to
ransomware actors, darknet markets, and scammers highlights its role in obfuscating the origin, destination, and counterparties involved in illicit transactions.

Evidence of Commonality with Blender

Elliptic’s analysis suggests a strong likelihood that the same individual or group is behind both Sinbad and Blender. This conclusion is drawn from an examination of on-chain patterns, the operational similarities between the two mixers’ shared characteristics in their websites, and their connections to Russia. Transactions involving a ‘service’ address on Sinbad’s website, Bitcoin transfers between suspected Blender operator wallets, and payments to Sinbad promoters all point to a significant overlap between the two entities.

Legal Action and International Cooperation

The recent sentencing of Vitalii Chychasov, an administrator of the dismantled online marketplace
SSNDOB, reinforces the commitment to pursuing cybercriminals globally. Chychasov, a Ukrainian national, received an eight-year federal prison sentence in the U.S. for selling personal information, emphasizing the severity of consequences for those engaged in illicit activities. The joint operation that led to the takedown of SSNDOB involved collaboration between the U.S., Cyprus, and Latvia, showcasing the importance of international cooperation in combating cyber threats. 


As per the US, Sinbad played a role in laundering a substantial share of the $100 million in cryptocurrency taken from Atomic Wallet in June 2023, the $620 million pilfered from Axie Infinity in March 2022, and the $100 million acquired from the Horizon Bridge hack in June 2022. As we navigate the complex landscape of cybersecurity, it becomes evident that the US government response to cyber threats plays a pivotal role in shaping the resilience of our digital ecosystem.


As the US sanctions Sinbad mixer and seizes its website a significant milestone in the ongoing efforts to disrupt cybercriminal activities is achieved. By targeting virtual currency mixers like Sinbad, authorities aim to undermine the financial infrastructure supporting hacking groups and other illicit enterprises. The interconnected nature of these Sinbad Mixer cyber threats, as evidenced by the links between Sinbad and Blender, underscores the importance of a global, collaborative approach to safeguarding the digital landscape from malicious actors.

In the face of evolving cyber threats, securing financial transactions and proactive measures remain essential to maintaining a secure digital environment. As we move forward, the collective efforts of governments, law enforcement agencies, and cybersecurity professionals will play a pivotal role in mitigating the impact of cybercrime on individuals, businesses, and the global economy.

The sources for this piece include articles in The Hacker News and Security Week


Disrupting Threats: US Sanctions Sinbad Mixer
Article Name
Disrupting Threats: US Sanctions Sinbad Mixer
Explore the impact of US sanctions Sinbad Mixer, a tool used by threat actors, and stay informed on cybercrime crackdowns.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter