Elliptic, a blockchain analytics firm, recently stated in a blog post that the famed anonymizing site for crypto transactions, Blender.io, may have relaunched under a new name, Sinbad.

Blender.io was placed on a US sanctions list in May 2022

Blender.io wallets on the Bitcoin and Ethereum blockchains were placed on a US sanctions list in May 2022 after it was determined that the site was used to launder cybercrime proceeds by the North Korean hacking organization Lazarus.

Elliptic reports that the North Korean hackers utilized Blender.io and another mixer named Tornado Cash to launder the coin they stole from Horizon, another blockchain bridge, resulting in a loss of $100 million in crypto. The hacking gang was also responsible for the Ronin attack, which resulted in the theft of $625 million in cryptocurrency from a blockchain bridge protocol used by the popular NFT game Axie Infinity.

Elliptic found evidence that Sinbad and Blender.io are the same entity

Sinbad appears to have taken the position of Blender.io, which shut down in April. Elliptic has discovered evidence that the same persons are behind Sinbad and Blender.io, as the two mixers have identical work habits and Russian-speaking websites and tech support staff. Incoming transactions to Sinbad are largely from wallets associated with Blender.io, and its operators reward promoters from wallets associated with Blender as well.

Elliptic discovered a crypto mixer that is most likely a rebranded version of a previously shut-down firm. Sinbad, which was created in October 2022, has swiftly become a go-to for North Korean hacker outfit Lazarus to launder their hacking gains. Elliptic’s investigation reveals that Sinbad and the now-defunct Blender.io are the same entity, run by the same people.

Both mixers have nearly identical on-chain behaviour

The parallels between Sinbad and Blender, according to Elliptic, are startling. According to the firm’s blockchain transaction analysis, a Bitcoin wallet used to pay Sinbad’s promoters got payments from a wallet managed by the Blender operator. Similarly, virtually all of Sinbad’s early inbound transactions came from the suspicious Blender wallet.

Both mixers’ on-chain behaviour is nearly identical, including transaction characteristics, ten-digit mixer codes, and maximum seven-day transaction latency. Both services’ websites are structured similarly, and they both have ties to the Russian-speaking community.

Elliptic has warned crypto service customers to be cautious when utilizing mixers and to be aware of their reputation and history. The organization is constantly monitoring the crypto sector in order to discover and track illegal activity, as well as to assist prevent the exploitation of crypto assets for criminal reasons.

Reference: Elliptic