Original Article Text

US charges operators of cryptomixers linked to ransomware gangs

The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency.

Cryptocurrency mixers allow the mixing of deposited crypto assets among many wallet addresses to help obfuscate their source. The services then take a commission from all laundered crypto deposited before sending it to another wallet address owned by the customers.

Russian citizens Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov were each charged on Friday with operating an unlicensed money-transmitting business and conspiracy to commit money laundering.

"According to the indictment, the defendants operated cryptocurrency 'mixers' that served as safe havens for laundering criminally derived funds, including the proceeds of ransomware and wire fraud," said Brent S. Wible, the head of the Justice Department's Criminal Division. "By allegedly operating these mixers, the defendants made it easier for state-sponsored hacking groups and other cybercriminals to profit from offenses that jeopardized both public safety and national security."

Blender.io, which operated from approximately 2018 to 2022, was also used by Lazarus hackers to launder $500 million out of the $617 million stolen from Axie Infinity's Ronin bridge, the largest cryptocurrency hack until that date.

Sinbad.io began operating a few months after Blender.io's shutdown, providing users with similar cryptocurrency-mixing services. In November 2023, the U.S., the Netherlands, and Poland seized its clear web and dark web domains in a joint international law enforcement operation.

Sinbad.io and Blender.io were sanctioned by the Department of Treasury's Office of Foreign Assets Control (OFAC) in May 2022 and November 2023 for being used by North Korean state-sponsored hacking groups and ransomware operations to launder stolen virtual currency.

Oleynik and Ostapenko were arrested on December 1, 2024, just over a year after Sinbad.io's online infrastructure was seized, while Tarasov, the third cryptomixer operator, remains at large.

"Blender.io and Sinbad.io were allegedly used by criminals across the world to launder funds stolen from victims of ransomware, virtual currency thefts, and other crimes," U.S. Attorney Ryan K. Buchanan added. "This indictment demonstrates our continued commitment to dismantling infrastructure used by cybercriminals to steal from Americans and hide their ill-gotten gains."

Daily Brief Summary

CYBERCRIME // U.S. Indicts Operators of Crypto Mixers Tied to Ransomware Gangs

The U.S. Department of Justice has indicted three operators of cryptomixer services Blender.io and Sinbad.io for links to ransomware groups and North Korean hackers.

Accused of laundering ransom and stolen cryptocurrency, the indicted individuals face charges of operating an unlicensed money-transmitting business and conspiracy to commit money laundering.

Blender.io, operational from 2018 to 2022, and Sinbad.io, which started shortly after Blender.io's shutdown, provided services that obfuscated the origins of deposited crypto assets.

Blender.io was implicated in laundering $500 million from the $617 million stolen in the Axie Infinity Ronin bridge hack, one of the largest cryptocurrency thefts to date.

Sinbad.io's clear web and dark web domains were seized in November 2023 by an international law enforcement coalition involving the U.S., the Netherlands, and Poland.

Both cryptomixer services were sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control for facilitating money laundering for North Korean state-backed cyberattacks and ransomware activities.

Two Russian citizens involved with these operations were arrested on December 1, 2024, while a third remains at large.