Search Inside Bitcoins

North Korean Hackers Switch Tactics And Tools To Get Your Holdings.

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

A crypto trading firm called Elliptic Enterprises Ltd has stated that there is the latest information about hackers switching to new tactics to steal virtual currency.

Sources have reasons to believe that these hackers are associated with the North Korean Government.  Their use of new tools to launder digital assets could wipe out investors’ crypto holdings.

The Lazarus Group: Cyber Criminal Syndicate

These North Korean hackers are sometimes known as the Lazarus Group. According to officials at Elliptic Enterprises Ltd, hackers are using a new laundering tool named ‘Sinbad’. There are speculations on behalf of the firm that ‘Sinbad’ has a probable connection with their previous crypto mixer called ‘Blender’. In May 2022, Blender was sanctioned by the US Treasury. Sinbad is highly likely to be a revamp of Blender.

The Lazarus Group is a prolific cryptocurrency hacker. They were successful in pulling off some of the massive crypto heists in the last few years. The Lazarus hackers were accused of stealing from an online gaming group called ‘Axis Infinity’. The estimated worth of this launder was more than six hundred million US dollars. Lazarus hackers also hacked from a cryptocurrency bridge called ‘Horizon’. The hackers stole around a hundred million US dollars from Horizon. In 2022, they stole cryptocurrency with an estimated worth of nearly 2 billion US dollars. By doing so, the group broke a number of its own previous records for theft in the year.

The Lazarus Group was also the main culprit behind intensifying the trends of DeFi protocol hacks in the year 2022.

Experts believe that Lazarus is using this stolen cyber crime money to fund North Korea’s nuclear weapon programs.

What is Crypto Mixers?

There is software available that allows users to send cryptocurrency anonymously. Thus, helping to obfuscate the sources and destinations of cryptocurrency holdings. This software is called crypto mixers, cryptocurrency blenders, and also crypto tumblers.

These are completely legal tools. They help in protecting users’ privacy while dealing with crypto assets. However, there are some evil parties (hackers) who use them to launder stolen digital goods or make other unauthorized payments. Crypto hackers use these mixers to exchange crypto holdings for fiat currency.

The mixers blend or mix the user’s crypto holding with various sources. Thus, allowing the users to withdraw the balance of their assets later and with completely new and difficult-to-track down addresses.

Heist money passed through Sinbad

Sinbad is a new custodial Bitcoin mixer. It was launched in October 2022. Around the same time, it also began advertising its services to the public on a Bitcoin talk forum. Even though this tool is comparatively smaller in size than its counterparts, it is being used extensively to launder the money gained from the heists done by the Lazarus Group.

To date, millions of dollars gained through North Korean-linked hacks have been laundered through Sinbad. The $100 million heist from the horizon was also passed through this new mixer- Sinbad. Elliptic believes that they are continuing to use Sinbad to show their confidence and trust in this new mixer.

Well look at it in more detail below.

Why Sinbad?

The North Korean hackers were previously using a mixer called Blender to support their cybercrime activities and money laundering of stolen digital currency.

On March 2022, the Lazarus Group, a North Korea-sponsored hacking group, carried out a massive virtual heist from the aforementioned ‘Axis Infinity’. Then, they used the crypto mixer Blender to process over $20 million of these illegally stolen proceeds.

Thus, last year, the US Treasury imposed its first-ever virtual sanction on the currency mixer Blender. Backing the sanction, the Under Secretary of the Treasury said that it is crucial to stop this mixer since it poses a serious danger to the health of the US economy and the country’s national security. It was also mentioned that state-sponsored cyber crimes and money laundering will also meet their fate and won’t go unnoticed.

Hackers had also used Tornado Cash previously in a similar capacity. However, Tornado Cash was also sanctioned in August 2022. Soon after its designation, the hackers started using various mixers to make the tracking of digital assets more complicated. Their move was also motivated by the fact that overall transaction volume for Tornado Cash fell tremendously, thus rendering it less effective for use.

Since then, hackers have adapted and moved on to Sinbad.

Similarities Between Sinbad and Blender

Crypto experts now believe that the new tool Sinbad is nothing but a mixer of the Blender. The renaming was done to avoid future complications from the government. Let us see in detail why experts think that there is a connection between Sinbad and Blender.

  • Operated by the same people: Sources believe that the group or people responsible for the previously used Blender are the same ones who are now managing Sinbad. In essence, Sinbad is essentially a rebranding of Blender.
  • Technical similarities: There are some technical similarities between these two crypto mixers. Sinbad and Blender are both custodial mixers. The operators who use them would have full control of his/her deposits.
  • Transfer of funds: Suspicious activities led to further confirmation regarding the linkage between Sinbad and Blender. Apparently, an operator sent funds to the Sinbad service in December 2022. These funds were sent from a wallet linked to the North Korean Hackers.
  • Bitcoin as a reward: Lazarus gave rewards to users who promoted Sinbad. These rewards were in the form of bitcoin and were sent from the Blender wallet.
  • Early transactions: There were early incoming transactions of $22 million, suspected to have come from the Blender wallet to Sinbad.
  • Specific Transaction Characteristics: Blender and Sinbad’s services have similar on-chain behaviors and transactions with specific characteristics. Both services also use other services to hide the destination of the digital assets.
  • Language and patterns: Blender and Sinbad both use similar languages and naming patterns.
  • Other similarities: Like Blender, Sinbad also uses a 10-digit number as its mixer code. It also uses a guarantee letter which is signed by the service address. Like Blender, Sinbad also has a similar seven-day transaction delay.


Crypto mixers and new hacking tools pose a threat to holders of cryptocurrency. There is fear that users’ hard-earned coins will be wiped out and hackers will make millions off investors’ assets.

The good news is that there are security protocols in place to help mitigate this. Crypto exchanges may block any transactions if they doubt them as fraudulent transactions or theft.

There are firms that do crypto tracing to stop hackers from stealing funds. For example, firms like the Elliptic and the Chain analysis. They assist the law and enforcement in discovering stolen and laundered cryptocurrency.

Government and cyber security experts are also increasing their expertise in curbing virtual theft. They are getting innovative in tracking hidden digital funds.

Related Articles

Smog (SMOG) - Meme Coin With Rewards


Smog token
  • Airdrop Season One Live Now
  • Earn XP To Qualify For A Share Of $1 Million
  • Featured On Cointelegraph
  • Staking Rewards - 42% APY
  • 10% OTC Discount -
Smog token

Join Our Telegram channel to stay up to date on breaking news coverage

Read next