The US Department of the Treasury’s Office of Foreign Assets Control has sanctioned a key money laundering tool for the Lazarus Group, a hacking group sponsored by, and based in, the Democratic People’s Republic of Korea. (The Lazarus Group was designated in September 2019 pursuant to Executive Order 13722, for its involvement in cyber-espionage, data theft, and ransomware attacks around the world, and its relationship to the Reconnaissance General Bureau, a state-run DPKR clandestine intelligence operations agency).
OFAC’s November 29, 2023 designation targets Sinbad.io, a virtual currency mixer operating on the Bitcoin blockchain. According to OFAC, cyber-criminals and malicious state actors use Sinbad to launder stolen virtual currency – for example, some of the $100 million that was stolen from customers of Atomic Wallet in June 2023. Sinbad is designated pursuant to Executive Order 13694, as amended by Executive Order 13757, for its support of cyber-enabled activity outside of the United States that threatens US national security, its economic health, or financial stability.
As a result of this designation, all property and interests in property of the designated entity within the United States or within the possession or control of a US person are blocked, and US persons are generally prohibited from engaging in transactions involving a designated person. In addition, entities owned 50 percent or more by one or more blocked persons are also blocked.