Following the sanctioning of Tornado Cash earlier this year, the US Treasury Department has now banned all American citizens and entities from engaging with another piece of software, this time Sinbad.
Sinbad, like OFAC sanctioned Tornado cash and Blender.io before it, is a crypto mixer which provides privacy to users by masking and mixing the origin, destination and addresses of Bitcoin transactions, which are otherwise entirely traceable. Earlier this year CoinDesk reported that Blender.io's founders might be behind the launch of Sinbad.
OFAC's stated justification for the sanctioning of Sinbad is that it:
serves as a key money-laundering tool of the OFAC-designated Lazarus Group... Sinbad is responsible for materially assisting in the laundering of millions of dollars in stolen virtual currency
Secretary of the Treasury Wall Adeymo said:
While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.
The Lazarus group was sanctioned on 13 September 2019 and is identified as a North Korean Government Hacking group which has been connected to over US$3B in crypto-assets. Crypto analytics company Chainalysis tracked the usage of Sinbad from September 2022 to November 2023 as follow:
Funds from the Axie Infinity and Harmony Horizon bridge attacks as well as Atomic Wallet hacks have been tracked through Sinbad. Chainalysis has flagged addresses beyond the two officially sanctioned bitcoin addresses within their systems to enable automated compliance. TRM Labs has shown substantial flows to Sinbad from hacks:
Despite the significant amount of stolen and sanctioned funds moving through Sinbad, it's creator "Mehdi" told Wired earlier this year that the service was about privacy:
I am against total surveillance, control over internet users, against autocracies and dictatorship ... [e]very living person has the right to privacy.
Mehdi also denied knowledge of the source of hacked funds going through Sinbad, saying:
I couldn't have possibly known about the funds' sources
The ongoing US crackdowns on mixer services highlight a tension in crypto-assets, as the widespread use of public cryptocurrencies may never occur without strong privacy tools because of the traceability of public chain transactions. For example a business would not want competitors to be able to analyze their transaction flow and payments to staff or suppliers, and rightly have an expectation of confidentiality. Governments want to disrupt payments by, to and from criminals and so want visibility into citizens and businesses transactions.
One thing is clear, the blades of US law enforcement will continue to cut up any mixers which permit hacking funds to flow through them.
By Michael Bacina