Sanctioning Virtual Currency Mixer that Facilitated DPRK Laundering of Stolen Funds

The United States is sanctioning virtual currency mixer Sinbad.io (Sinbad) today for its role in processing millions of dollars’ worth of virtual currency stolen by the U.S.-designated Lazarus Group, a state-sponsored malicious cyber actor group of the Democratic People’s Republic of Korea (DPRK).  Cybercriminals also used Sinbad to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, trade in child sexual abuse materials, and illicit sales on darknet marketplaces.

The UN Security Council’s Panel of Experts on DPRK sanctions has highlighted Pyongyang’s aggressive cyber-theft campaign, which plays an essential role in generating funds for the DPRK’s unlawful weapons of mass destruction and ballistic missile programs.  Today’s designation builds on earlier actions that we have taken to expose the DPRK’s abuse of the virtual currency ecosystem.  The United States will not hesitate to use all tools at our disposal to disrupt the DPRK’s illicit activities that threaten international peace and security.

Sinbad is being designated pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, the Atomic Wallet hack; and E.O. 13722 for materially assisting the Lazarus Group, an agency, instrumentality, or controlled entity of the Government of North Korea.  For more information on today’s designation, see Treasury’s press release.