Three Russian nationals have been indicted by the U.S. Department of Justice for their alleged involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in collaboration with the Netherlands’ Financial Intelligence and Investigative Service, Finland’s National Bureau of Investigation, and the U.S. Federal Bureau of Investigation (FBI). The third individual, Anton Vyachlavovich Tarasov, remains at large.
According to the allegations, the defendants operated cryptocurrency mixers, also known as tumblers, that served as a safe haven for laundering criminally derived funds, including those obtained from ransomware attacks and wire fraud. These services allowed state-sponsored hacking groups and cybercriminals to profit from their illicit activities by enabling users to send cryptocurrency to designated recipients in a way that obscured the original source and the fact that the funds were proceeds of cybercrimes.
U.S. Attorney Ryan K. Buchanan for the Northern District of Georgia stated that Blender.io and Sinbad.io were utilized by criminals worldwide to launder funds stolen from victims of ransomware, virtual currency thefts, and other illegal activities. Blender.io, which was launched in 2018, was sanctioned by the U.S. Treasury Department in May 2022 after it was discovered that the North Korea-linked Lazarus Group used the service to launder cybercrime proceeds, including those from the Ronin Bridge hack.
Blender.io operated with a “No Logs Policy” and advertised the deletion of all traces of user transactions. The service did not require users to sign up, register, or provide any details except the receiving address. It facilitated money laundering for ransomware groups such as TrickBot, Conti, Sodinokibi, and Gandcrab. Even though Blender.io ceased operations before the sanctions were announced, it was later revealed that the service likely rebranded and relaunched as Sinbad.io in October 2022.
Law enforcement agencies seized the online infrastructure associated with Sinbad.io more than a year later and sanctioned the mixer for processing millions of dollars in virtual currency from Lazarus Group heists. The arrested individuals face charges of conspiracy to commit money laundering and operating an unlicensed money-transmitting business, with a maximum penalty of 25 years in prison if convicted.
In a related development, Chainalysis identified over 1,100 victims of cryptocurrency scams as part of Operation Spincaster and Operation DeCloak, with collective losses of over $25 million. Scammers typically instruct victims to set up self-custodial wallets, purchase crypto from centralized exchanges in Canada, and send the funds to a self-custody wallet, then drain the victim’s funds through destination addresses.
Overall, the crackdown on cryptocurrency-related cybercrime highlights the ongoing efforts of law enforcement agencies to combat money laundering and illicit activities in the digital asset space. The indictments and seizures serve as a warning to cybercriminals and state-sponsored hacking groups that their activities will not go unpunished.