North Korean Hackers Turn to YoMix After Sinbad Sanctions

The North Korean hacking group Lazarus Group has increasingly turned to the cryptocurrency mixer YoMix following sanctions imposed on the Sinbad service, according to the analytics firm Chainalysis.

They discovered that in 2023, the inflow of funds to YoMix increased fivefold, with about a third of the assets originating from wallets linked to cryptocurrency platform hacks.

To launder funds, Lazarus also actively uses cross-chain bridges. Last year, $743.8 million associated with criminal activity was sent through these bridges, double the amount in 2022 ($312.2 million).

Analysts estimate that in 2023, cybercriminals laundered at least $22 billion through various services that obscure the origin of funds. In 2022, this figure was $31.5 billion.

However, mixers are losing popularity: in 2023, they received cryptocurrencies worth $504.3 million from crime-linked addresses compared to $1 billion in 2022.

Among centralized exchanges, five platforms processed 71.7% of illegal transactions last year. According to Chainalysis, 109 exchange addresses received a total of $3.4 billion in “dirty” cryptocurrency.

Sinbad became the main mixer for laundering cryptocurrencies for the Lazarus group after the blocking of Blender and Tornado Cash. However, in November 2023, OFAC also imposed sanctions on it.

According to a report by TRM Labs, North Korean-linked hackers stole at least $600 million last year and are responsible for nearly a third of cyber incidents.