Threat Actor Characterization

Sinbad

ID: c133b1b7c4114f8a4e43e26c7e8e58bd78905
Darkweb Market/Service Money Laundering
Threat types: Mixing, Laundering, Obfuscation
Unknown
Updated: 2026-02-18
Created: 2025-10-24
Progress: 72% Completeness: 73% Freshness: 70%
Operation zone:
Aliases
No aliases registered.
MITRE ATT&CK®

Sinbad (Sinbad.io) is an illicit cryptocurrency mixing service publicly sanctioned for facilitating money laundering of stolen virtual currency, including activity linked in public reporting to DPRK-associated Lazarus Group laundering pipelines.


Technique: T1657 (Financial Theft)
Tactics: TA0040
Evidence:
  • 2023-11-29 — OFAC describes Sinbad as materially assisting laundering of stolen virtual currency and cites laundering of proceeds from major heists.
  • 2025-01-10 — DOJ describes mixers as safe havens for laundering criminally derived funds including ransomware proceeds and virtual currency thefts.
Strategic Intelligence
Last updated: 2026-02-18T17:53:39+00:00

Sinbad - money-laundering facilitator

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE



Executive Summary

Sinbad refers to a cryptocurrency mixing (“tumbling”) service branded as Sinbad / Sinbad.io, assessed to have been used as a money-laundering facilitator for proceeds of major cryptocurrency thefts, including activity attributed by U.S. authorities to the DPRK-aligned Lazarus Group. The service was sanctioned by the U.S. Treasury (OFAC) on 2023-11-29 and its online infrastructure was seized in a coordinated law-enforcement action (per OSINT reporting and subsequent DOJ statements). INFERENCE (confidence: medium): Sinbad operated as a cybercrime-as-a-service laundering utility primarily serving high-risk users (state-linked and financially motivated cybercriminals), rather than a “market” in the classic goods marketplace sense.

  • Actor type: Illicit service (crypto mixer / laundering infrastructure)
  • Primary function: Obfuscate transaction provenance and counterparty linkage on the Bitcoin blockchain via mixing/tumbling workflows.
  • Branding / identifiers: “SINBAD”, “SINBAD.IO” (surface domain and Tor onion), support/advertising email contacts, and associated Bitcoin deposit addresses.
  • Assessed motivation: Financial gain through fee-based laundering facilitation.

Sinbad fits the broader “crypto laundering services market” that enables monetization pipelines for ransomware and large-scale virtual asset theft. Such services reduce the operational friction for threat actors to convert stolen assets into spendable funds and help sustain repeat-offender ecosystems.

Executive Analyst Brief for CISO

Executive Analyst Brief for Decision Makers

Classification: Unclassified / OSINT — TLP:WHITE

Hunting Playbook

Hunting Playbook: Sinbad (Crypto Mixer / Laundering Service)

Classification: Unclassified / OSINT — TLP:WHITE

IOC Appendix
Last updated: 2026-02-18T17:46:11+00:00

IOC Appendix (TLP:WHITE) — Sinbad (crypto mixer / laundering service)

Note: This appendix focuses on service identifiers and sanctioned indicators. Some infrastructure may be historical due to seizures/takedowns.

OSINT Library
Last saved: 2026-02-18T17:49:37+00:00

OSINT Library (TLP:WHITE) — Sinbad

This library lists curated open sources used to support the dossier and MITRE mapping.

Treasury sanctions mixer used by the DPRK to launder stolen virtual currency

Social Media & Communication
SOCMINT integrated: 0/4

Address | Verification | SOCMINT
su*****@sinbad.io | Restricted | Not integrated
ad*@sinbad.io | Restricted | Not integrated
sinbad.io | Restricted | Not integrated
sinbadiovklgdbafpqvwfwjh2tfrisahtxmrskiovt62nirragcnkcad.onion | Restricted | Not integrated
Notes: preview mode hides sensitive social/contact details.