The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io.
Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands’ Financial Intelligence and Investigative Service, Finland’s National Bureau of Investigation, and the U.S. Federal Bureau of Investigation (FBI).
It was not revealed from where they were apprehended. The third individual, Anton Vyachlavovich Tarasov, is still at large.
The defendants have been accused of operating cryptocurrency mixers (aka tumblers) that served as safe havens for “laundering criminally derived funds,” including the proceeds of ransomware and wire fraud, thereby allowing state-sponsored hacking groups and cybercriminals to profit off their malicious operations.
Specifically, they allowed their paying users to send cryptocurrency to designated recipients in a manner designed to obfuscate the source of the cryptocurrency and the fact that they originated from various cyber crimes.
“Blender.io and Sinbad.io were allegedly used by criminals across the world to launder funds stolen from victims of ransomware, virtual currency thefts, and other crimes,” said U.S. Attorney Ryan K. Buchanan for the Northern District of Georgia.
Blender, launched in 2018, was sanctioned by the U.S. Treasury Department in May 2022 after it turned out that the North Korea-linked Lazarus Group used the service to launder cybercrime proceeds, including those stemming from a hack of Ronin Bridge.
“The service was advertised on a popular internet forum as having a ‘No Logs Policy’ and deleting any traces of user transactions,” the DoJ said. “Additionally, in the advertisement, Blender was described as not requiring users to sign up, register, or ‘provide any kind of detail except the receiving address!'”
It’s also accused of facilitating money laundering for Russia-aligned ransomware gangs like TrickBot, Conti (formerly Ryuk), Sodinokibi (aka REvil), and Gandcrab. While Blender ceased operations a month prior to the sanctions announcement, blockchain intelligence firm Elliptic revealed in February 2023 that the service “highly likely” rebranded and relaunched as Sinbad in early October 2022.
More than a year later, international law enforcement authorities seized the online infrastructure associated with Sinbad and sanctioned the mixer for processing millions of dollars’ worth of virtual currency from Lazarus Group heists.
Ostapenko, 55, has been charged with one count of conspiracy to commit money laundering and two counts of operating an unlicensed money-transmitting business.
Oleynik, 44, and Tarasov, 32, have been charged with one count of conspiracy to commit money laundering and one count of operating an unlicensed money-transmitting business. If convicted, all three defendants face a maximum penalty of 25 years in prison for the charges.
The development comes as Chainalysis said it identified over 1,100 victims of cryptocurrency scams as part of Operation Spincaster and Operation DeCloak in partnership with Canadian law enforcement authorities, resulting in an estimated collective loss of over $25 million.
In these scams, victims are typically instructed by scammers to set up their own self-custodial wallet, purchase crypto at centralized exchanges (CEXs) in Canada, and send these funds to a self-custody wallet.
“Scammers make payments to victims, enticing them to add funds into their self-custodial wallets,” Chainalysis said. “Scammers then entice victims to send crypto to destination addresses, thereby draining the victim’s wallet/funds.”
