U.S. Department of Justice Indicts Three Russians for Cryptocurrency Mixing Services

The U.S. Department of Justice (DoJ) announced on Friday the indictment of three Russian nationals for allegedly operating cryptocurrency mixing services Blender.io and Sinbad.io, which were used to launder proceeds from cybercrimes, including ransomware attacks and wire fraud.

Arrest and Charges

Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in a coordinated international operation involving the Netherlands' Financial Intelligence and Investigative Service, Finland's National Bureau of Investigation, and the U.S. Federal Bureau of Investigation (FBI). The location of their arrest has not been disclosed. A third suspect, Anton Vyachlavovich Tarasov, remains at large.

The defendants are accused of facilitating cryptocurrency laundering activities by allowing users to anonymize the origins of illicit funds. These services provided criminals and state-sponsored hacking groups a means to profit from their malicious activities while concealing their digital tracks.

How the Mixers Operated

Blender.io, launched in 2018, and its successor Sinbad.io were cryptocurrency mixing platforms, also known as tumblers. These platforms allowed users to obscure the source of cryptocurrency transactions by mixing their funds with those of other users. The process enabled cybercriminals to launder money derived from ransomware, cryptocurrency theft, and other illegal activities.

Services for Cybercriminals

Blender.io was promoted on online forums as having a "No Logs Policy," claiming to delete any transaction records and requiring no user registration or details aside from the recipient’s cryptocurrency address. The service gained notoriety for laundering funds linked to high-profile cyberattacks.

Notably, the U.S. Treasury Department sanctioned Blender.io in May 2022 after discovering its involvement in laundering proceeds from the North Korea-affiliated Lazarus Group’s activities. This included funds stolen during the hack of the Ronin Bridge.

The mixer was also used by several ransomware groups, including TrickBot, Conti (formerly Ryuk), Sodinokibi (REvil), and Gandcrab, to obfuscate proceeds from their attacks.

Rebranding as Sinbad.io

Although Blender.io ceased operations shortly before the U.S. sanctions, blockchain intelligence firm Elliptic reported in May 2023 that the service had likely rebranded as Sinbad.io. This new platform began operations in October 2022 and continued laundering millions of dollars’ worth of cryptocurrency, including funds from Lazarus Group heists. International law enforcement authorities eventually seized Sinbad.io’s infrastructure and sanctioned the service.

Legal Charges and Potential Penalties

Ostapenko, 55, faces one count of conspiracy to commit money laundering and two counts of operating an unlicensed money-transmitting business. Oleynik, 44, and Tarasov, 32, face one count each of conspiracy to commit money laundering and operating an unlicensed money-transmitting business. If convicted, the defendants face up to 25 years in prison.

Broader Implications for Cryptocurrency Crime

The arrests and charges against these individuals are part of a broader effort to disrupt the use of cryptocurrency mixing services for criminal purposes. Cryptocurrency mixers are increasingly under scrutiny for their role in facilitating illicit transactions and evading regulatory oversight.

Operation Spincaster and DeCloak

The announcement follows news from Chainalysis, which reported over 1,100 victims of cryptocurrency scams as part of two operations, Spincaster and DeCloak, conducted in partnership with Canadian law enforcement. These scams resulted in a collective loss of over $25 million.

Victims were often directed by scammers to create self-custodial cryptocurrency wallets, purchase crypto at centralized exchanges in Canada, and transfer funds to their wallets. Scammers then convinced victims to send cryptocurrency to specific addresses, effectively draining their wallets.

Moving Forward

The DoJ’s efforts to combat cryptocurrency-related crimes highlight the need for stronger regulations and advanced tracking mechanisms to curb illicit activities. The case underscores the importance of international cooperation in holding cybercriminals accountable and securing the cryptocurrency ecosystem.