The North Korea-backed Lazarus group is currently using a new mixer to hide approximately $100 million worth of stolen cryptocurrency. According to reports, the threat actors have adopted new crypto laundering techniques to bypass security detections.
Stricter law enforcement action against illegitimate cryptocurrency transactions has influenced the threat actors' tactics. In its most notorious crypto campaign, Lazarus used a couple of crypto mixing services, Blender and Tornado Cash, to launder nearly $500 million.
The Lazarus group has adopted a newly created custodial-based service.
According to investigations, the previous operators of the Blender service developed a new custodial-based service called Sinbad last year, which the Lazarus group immediately used.
Because Sinbad is a custodial-based tool, its operators control the crypto assets held within it.
Lazarus stole a hundred million dollars' worth of cryptocurrency assets from Horizon in June last year. The group combined Tornado Cash and Sinbad to avoid sanctions when laundering the assets.
Because the group has used it widely in recent campaigns, Sinbad immediately became a go-to money laundering service for North Korean hackers.
Fortunately, the United States Treasury's Office of Foreign Assets Control (OFAC) enacted several sanctions against these mixing services. Hence, some researchers believe that the sanctions caused Lazarus to shift to a new mixer service to launder stolen funds.
On the other hand, cybersecurity experts claim that the Blender service operators are Sinbad's authors. A separate group of researchers also believes that Sinbad is just a rename and relaunch of Blender.
Both services show similar on-chain behaviour patterns, including transaction characteristics and the use of other services to hide operations.
OFAC's sanctions on mixers could have affected the Lazarus group's recent campaign, and the group will likely switch to a new mixing service. Unfortunately, Sinbad's similarity to Blender could attract cybercriminals, who could use it in their money laundering operations.
Law enforcement agencies expect a surge in Sinbad usage soon, as one of the most notorious groups, Lazarus, has used the tool.