Blender coin mixer may have rebranded, likely remains in use by Lazarus Group

The coin mixer Blender has likely rebranded and could still be in use among North Korean groups, according to a report from analytics firm Elliptic on Feb. 13.

Elliptic says that although Blender stopped operating in April 2022, it has likely rebranded as “Sinbad” based on several facts and patterns it has observed.

Blender’s operator is suspected of sending $22 million of early Bitcoin transactions to Sinbad, plus a separate amount sent to a “service” address. Blender’s operator likely sent Bitcoin to a wallet that also paid Sinbad’s promoters.

Elliptic also noted several similarities between Sinbad and Blender by comparing their on-chain behavior, various features, and respective websites. The firm noted that both mixers could be tied to Russia through their supported languages and websites.

Elliptic also observed that Blender and Sinbad were used in two blockchain attacks by North Korea’s state-sponsored Lazarus Group.

Lazarus attacked Ronin Bridge (associated with the blockchain game Axie Infinity) for more than $540 million in March 2022. Following that attack, Lazarus managed to launder $475 million of that amount through various coin mixers, one of which was Blender.

Lazarus then attacked the cross-chain bridge Horizon in June 2022, stealing $100 million. When Sinbad went live months later in October, Lazarus used it to launder nearly $100 million stolen from Horizon and other targets, Elliptic said.

A separate mixer — Tornado Cash — was also used in both attacks. It continues to operate despite the sanctions imposed by the U.S. Treasury and its Office of Foreign Assets Control (OFAC) in August 2022. Elliptic said that Sinbad could face similar sanctions, adding that Blender and Sinbad addresses are already flagged in its compliance services.

Despite their use in money laundering and recent attention from enforcement, coin mixers have legitimate uses and can be used to perform private transactions.

Posted In: Hacks, Privacy
Bookmark (0)

Related Posts

8 out of 10 investors store crypto on hot wallets: CoinGecko survey

8 out of 10 investors store crypto on hot wallets: CoinGecko survey

7 out of 10 investors hold their crypto on centralized exchanges, while only 3 out of 10 prefer cold wallets.

Bookmark (0)
Investment in European crypto startups defied the 2022 bear market

Investment in European crypto startups defied the 2022 bear market

European crypto startups raised a record level of funding last year and saw increased interest from U.S. investors.

Bookmark (0)
SEC issues investor alert over crypto investments

SEC issues investor alert over crypto investments

The SEC said firms offering crypto investments services might violate several applicable laws, including the federal securities laws.

Bookmark (0)
Uphold ends staking for US customers following SEC guidance

Uphold ends staking for US customers following SEC guidance

U.S. crypto regulations force Uphold to preemptively end staking services for U.S. Users

Bookmark (0)
Congressman Emmer introduces bill providing ‘safe harbor’ to miners, developers and wallets

Congressman Emmer introduces bill providing ‘safe harbor’ to miners, developers and wallets

Under Emmer’s bill, entities that do not custody or control consumer funds should be exempt from stringent regulations.

Bookmark (0)
Coinbase’s Brian Armstrong criticizes US crypto regulation, SEC behavior in Twitter Space

Coinbase’s Brian Armstrong criticizes US crypto regulation, SEC behavior in Twitter Space

Coinbase’s legal challenges with SEC discussed in Twitter Space on Crypto Regulation.

Bookmark (0)

Leave a Reply

Your email address will not be published. Required fields are marked *