According to risk management firm Elliptic, the cryptocurrency mixer known as Blender, which was blacklisted by the US Department of Treasury’s Office of Foreign Assets Control in May, was “most likely” relaunched as Sinbad. Blender was blacklisted in May.

Elliptic said in a report dated Feb. 13 that the results of its investigation into Sinbad revealed that the cryptocurrency mixer was likely a rebrand of Blender and that “the same person or group responsible” was involved. The company claims that Sinbad was the mastermind behind the laundering of around $100 million worth of Bitcoin (BTC) on behalf of the North Korean hacking team Lazarus.

Elliptic reported that after US authorities cracked down on cryptocurrency blenders (as OFAC did with Tornado Cash in August and Blender in May), Lazarus hackers used Sinbad to launder some of the cryptocurrency funds. his attack on the Horizon Bridge in January, resulting in a loss of $100 million. A blockchain investigation of wallets believed to be associated with Blender’s operator also revealed that Sinbad was given $22 million worth of cryptocurrency, plus additional payments were sent to people promoting the blender.

According to Elliptic, “the pattern of on-chain activity is pretty similar for both mixers.” This includes the precise characteristics of the transactions, as well as the use of other services to hide the activities of the mixers. “The operation of the Sinbad mixer is comparable to that of the Blender mixer in several respects, including the use of ten-digit mixer codes, letters of guarantee signed by the service address, and a transaction delay of no more than seven days.”

Elliptic has a theory that the people behind Sinbad may have changed the name after Blender was shut down to “gain the trust of users”. Additionally, OFAC may be considering issuing sanctions against the cryptocurrency mixer. The US Treasury Department is already being challenged in court over the sanctions it imposed on Tornado Cash.

Lazarus is suspected of being behind a number of significant attacks in the cryptocurrency arena, one of which was a breach of Axie Infinity’s Ronin bridge in March that resulted in a $620 million loss. The South Korean government followed suit, implementing its own set of sanctions on North Korean companies linked to cryptocurrency theft.