North Korea’s Lazarus ‘Using New Coin Mixer to Launder Crypto’ – and It’s a ‘Blender Re-brand’
Per an Elliptic post and a report from Yonhap, Larazrus is “affiliated with North Korea’s Reconnaissance General Administration.” The United States and South Korea have blamed Lazarus and affiliated groups for multiple high-level crypto hacks.
Security providers and government agencies believe Pyongyang-linked groups have used coin mixers to anonymize transactions – allowing the North to build up a vast fortune in crypto. They claim this has been used to fund Pyongyang’s costly missile programs.
Blender was hit with sanctions by the US State Department last year. Washington claimed it was being used “to launder funds stolen by North Korea.” Blender shut down in April 2022, but some believe the service’s operator vanished with some $22 million worth of Bitcoin (BTC).
But Elliptic claimed that Blender was now “back” – in a new guise.
🌪️ Blender is back! Elliptic research found that a coin mixer sanctioned for helping Lazarus Group launder tens of millions of dollars is likely to have re-launched as Sinbad and has laundered close to $100m in Bitcoin from hacks attributed to Lazarushttps://t.co/qSUPwIgPpq— Elliptic (@elliptic) February 13, 2023
The blockchain analytics firm Chainalysis also claimed North Korean hackers sent “more than $24 million to Sinbad,” Herald Kyungjae reported.
What Is a Coin Mixer? And Why Do Lazarus and North Korea Allegedly Use Them?
Coin mixers are services that are used to anonymize blockchain transactions. Using mixers makes it hard for instigators to trace a coin’s original sender.
If they are used repeatedly, it can become difficult to trace transactions. This makes it hard to see whether coins obtained illegally have been transferred elsewhere – or swapped for cash.
Elliptic claimed that Sinbad was released in “early October last year,” and claimed that despite its relatively small size, it was quickly put to use by Lazarus.
The firm claimed that to date, Lazarus has sent “tens of millions of dollars” been sent through Blender – and that it was “highly likely to have re-launched as Sinbad.”
Elliptic claimed its analysis “indicates” that Sinbad “is in fact highly likely to be a rebrand of Blender, with the same individual or group responsible for it.”
The company explained:
“The on-chain pattern of behavior is very similar for both mixers, including the specific characteristics of transactions, and the use of other services to obfuscate their transactions.”
And, Elliptic noted,
“Both services have a clear nexus to Russia, with Russian-language support and websites.”
The US Treasury Department last year blamed Lazarus for the Axie Infinity $620 million raid – the biggest crypto hack in history.
A number of suspected Lazarus members have been hit with independent sanctions from both the United States and South Korea.