The US Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in running cryptocurrency mixing services Blender.io and Sinbad.io.
Roman Vitalyevich Ostapenko and Alexander Evgenievich Aleynik were arrested on December 1, 2024 in coordination with the Financial Intelligence and Investigation Service of the Netherlands, the National Bureau of Investigation of Finland and the Federal Bureau of Investigation (FBI) of the United States.
It is not known where they were detained. The third person, Anton Vyachalavovich Tarasov, is still at large.
The defendants are accused of operating cryptocurrency mixers (tax machines) that served as repositories for “laundering proceeds of crime,” including the proceeds of ransomware and fraud, allowing state-sponsored hacking groups and cybercriminals to profit from their malicious operations.
Specifically, they allowed their paid users to send cryptocurrency to intended recipients in such a way as to hide the source of the cryptocurrency and the fact that it occurred as a result of various cybercrimes.
“Blender.io and Sinbad.io are believed to have been used by criminals around the world to launder funds stolen from victims of ransomware, virtual currency theft and other crimes,” said US Attorney Ryan K. Buchanan for the Northern District of Georgia.
Blender, launched in 2018, was sanctioned by the U.S. Treasury Department in May 2022 after it was revealed that the North Korea-linked Lazarus Group used the service to launder the proceeds of cybercrimes, including those derived from the Ronin Bridge hack.
“The service was advertised on a popular online forum as having a ‘No Logs Policy’ and removing any traces of user transactions,” the Justice Department said. “Furthermore, the ad described Blender as not requiring users to register, register, or ‘provide any details other than a pickup address!'”
She is also accused of facilitating money laundering for Russian-linked ransomware gangs such as TrickBot, Conti (formerly Ryuk), Sodinokibi (aka REvil) and Gandcrab. While Blender shut down a month before the sanctions were announced, blockchain exploration firm Elliptic revealed in May 2023 that the service is “very likely” to be rebranded and relaunched as Sinbad in early October 2022.
More than a year later, international law enforcement agencies captured The internet infrastructure associated with Sinbad and sanctioned the mixer for handling millions of dollars worth of virtual currency from the Lazarus Group thefts.
Ostapenko, 55, was charged with one count of conspiracy to commit money laundering and two counts of operating an unlicensed money transfer business.
Olejnik, 44, and Tarasov, 32, are charged with one count of conspiracy to commit money laundering and one count of operating an unlicensed money transfer business. If convicted, all three defendants face a maximum sentence of 25 years in prison.
The development follows Chainalysis’ statement that it identified more than 1,100 victims of a cryptocurrency scam as part of Operation Spincaster and Operation DeCloak in partnership with Canadian law enforcement, resulting in total losses estimated at more than $25 million.
In these scams, the scammers typically instruct victims to set up their own escrow wallet, buy crypto from centralized exchanges (CEX) in Canada, and send those funds to the escrow wallet.
“Fraudsters make payments to victims by encouraging them to add funds to their self-defense wallets” – Chainalysis said. “Fraudsters then encourage victims to send crypto to destination addresses, thereby draining the victim’s wallet/funds.”
