Three Russian nationals have been indicted for their alleged roles in running two popular cryptocurrency mixing services called Blender.io and Sinbad.io.
The U.S. Department of Justice said two of the men — Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik — were arrested on December 1 but did not say where. A third man, Anton Vyachlavovich Tarasov, is still at large.
The U.S. sanctioned Sinbad in November 2023 and worked with law enforcement agencies in the Netherlands and Finland to take down the platform. Both Blender.io and Sinbad.io were popular among cybercriminals and nation-state actors from North Korea who used the platforms to launder stolen or illicitly obtained cryptocurrency.
U.S. officials said Sinbad was the “preferred mixing service” for North Korea’s Lazarus Group — which has been behind several of the largest crypto hacks in recent years. The Sinbad platform obfuscated the origin, destination and parties involved in illicit transactions, with experts noting that it was likely a successor to Blender.io — which was sanctioned in 2022.
“Last year, with the assistance of our international partners, we successfully dismantled Sinbad.io,” said acting Special Agent in Charge Sean Burke of the FBI Atlanta Field Office. “However, we did not rest with this initial success. We maintained our focus on identifying the individuals responsible for its development and ensuring their accountability.”
The Treasury Department and blockchain research firm Elliptic previously said there were infrastructure ties between Blender.io and Sinbad, including shared cryptocurrency wallets and more.
Blender.io operated from 2018 to 2022 and advertised itself on cybercriminal forums — touting its policy of having no logs tracking user activity and pledging to delete any evidence of transactions.
Court documents say advertisements for Blender explicitly explained that users would not have to “provide any kind of detail except the receiving address!” After Blender.io shut down, Sinbad.io began operating a few months later, prosecutors said.
“Blender.io and Sinbad.io were allegedly used by criminals across the world to launder funds stolen from victims of ransomware, virtual currency thefts, and other crimes,” said U.S. Attorney Ryan Buchanan.
A federal grand jury in Georgia returned the indictment charging the three on January 7. Ostapenko, 55, is facing one charge of conspiracy to commit money laundering and two counts of operating an unlicensed money transmitting business while Oleynik, 44, and Tarasov, 32, are both charged with one count of conspiracy to commit money laundering and one count of operating an unlicensed money transmitting business.
All of the defendants are facing between 20 and 30 years in prison.
The Justice Department did not say where Ostapenko and Oleynik are being held or whether an extradition request was part of the process. A press release said law enforcement agencies in The Netherlands “made significant contributions to the case, including to the disruption of the Sinbad mixer, and provided other valuable assistance.”
The release also said officials in Australia and Finland were pivotal in the operation to take down the platforms.
Principal Deputy Assistant Attorney General Brent Wible, head of the Justice Department’s Criminal Division, said the mixers served as “safe havens for laundering criminally derived funds, including the proceeds of ransomware and wire fraud.”
The defendants “made it easier for state-sponsored hacking groups and other cybercriminals to profit from offenses that jeopardized both public safety and national security,” Wible said.
Both Blender and Sinbad were sanctioned by the Department of Treasury’s Office of Foreign Assets Control (OFAC) for their role in laundering cryptocurrency stolen by North Korea as well as funds obtained by ransomware gangs.
U.S. officials said they found links to transactions by Russia-linked ransomware groups like Trickbot, Conti, Ryuk, Sodinokibi and Gandcrab. Cryptocurrency-tracking company Elliptic noted that Blender.io was also used to launder funds from the Russian-language darknet market Hydra.
According to the Treasury Department, North Korean hackers used Sinbad to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge — two of the largest crypto thefts on record.
Blockchain research firm Elliptic noted that it has found thousands of additional addresses connected to Sinbad.
“As well as the hacks mentioned by the US Treasury in the press release, Sinbad has also been used to launder some of the proceeds of other major hacks including thefts from Stake.com (September 2023, $41 million), CoinEx (September 2023, $70 million), FTX ($477 million, November 2022), BadgerDAO (December 2021, $120 million) and more,” Elliptic said.
The Treasury Department and other U.S. agencies have sought to limit the ability of state-backed actors and cybercriminals to use cryptocurrency mixing services through sanctions in the last three years. U.S. law enforcement agencies have shut down or sanctioned several platforms, including Tornado Cash and others.
A court removed the sanctions against Tornado Cash in November after crypto giant Coinbase launched a lawsuit.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.