Meet the creator of North Korea’s favorite privacy service
Sinbad: A Clearnet to Protect Privacy and Security in the Era of Cryptocurrencies and Wall-to-Leading
Mehdi, the person who created Sinbad, would only say that it was created to respond to the growing centralization ofcryptocurrencies and the erosion of privacy promises. The mixer service was named after a fictional Middle Eastern sailor who traded goods around the world. The project is described by Mehdi as a legitimate privacy-preserving technology project, which is similar to privacy focused cryptocurrencies such as Monero or Zcash.
The proceeds from heists that targeted theHarmony Bridge service, in which the North Koreans stole $100 million, as well as the Ronin Bridge service, where the hackers stole a huge $650 million are included in those funds. After the October launch of Sinbad, North Korea’s cyber thieves began to funnel their profits via the peer to peer network, in order to conceal their source of income and avoid being caught red-handed. Sinbad “hit the radar for North Korea quickly,” Plante says, “and it’s become their favorite.”
The Sinbad’s founder argues in an interview with WIRED that the service has no reason to hide. “Sinbad is present in clearnet because it doesn’t do anything bad,” writes the service’s creator and administrator, who asked to be called “Mehdi,” using the term “clearnet” to mean a website not hidden on the Tor network.
“I am against total surveillance, control over internet users, against autocracies and dictatorships,” Mehdi adds. “Every living person has the right to privacy.”
The US Treasurys Office of Foreign Assets Control said any service that indiscriminately facilitates anonymous transactions is a threat to the country.
Most mixers attempt to obscure the originators and recipients of transactions by scrambling funds from a large number of people. By the time depositors withdraw their funds to separate addresses, it is no longer clear whose crypto is whose.
But one of the early architects of the Tornado Cash project, Ameen Soleimani, has announced that he’s launching a successor to the sanctioned mixer, Privacy Pools, which he says will still allow users to make private, largely untraceable transactions while discouraging money laundering and other illegal activities.
“If Americans want privacy, we have to figure out how to operate within the regulatory paradigm,” says Soleimani (who describes Pertsev’s imprisonment as an “affront to justice”).
A demo will be presented at ETH Denver in March, with limits on the amount of funds that can be deposited due to the code not being properly audited for bugs. “It’s not a ‘put all your money in’ kind of launch,” Soleimani says, “it’s a ‘let’s start a conversation’ kind of launch.”
That conversation, he says, is about whether it’s technically possible to satisfy authorities’ need to trace the passage of stolen cryptocurrency while still affording crypto users the financial privacy they demand.
Privacy Pool will use a cryptography technology called a “zero-knowledge proof,” by which users are able to demonstrate that their crypto withdrawals are unconnected to deposits made by known criminal wallets.
The mechanics of the zero-knowledge proof are a mystery to Soleimani. He decided to use it after being approached by an anonymous developer known as Twister, who is working on implementation of the technology. Soleimani says he doesn’t know much about Twister but isn’t concerned about working with an unknown quantity because the service is just a pilot at the moment.
Andrew Thurman, head of content at blockchain analytics company Nansen, says these kinds of proofs are “poised to play a key role” in affording anonymity to crypto users. The technology is gaining traction in crypto circles as developers explore different applications; Ethereum side-chain Polygon is making particularly heavy use of it, and Buterin has been vocal about its potential.