Three Russian nationals have been charged for their involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io, according to an indictment unsealed on January 7 by a federal grand jury in the Northern District of Georgia.
The charges stem from an extensive investigation into the laundering of criminal proceeds through these platforms, which authorities allege facilitated cybercrime and jeopardized national security.
Roman Vitalyevich Ostapenko, 55, and Alexander Evgenievich Oleynik, 44, were arrested on 1 December last year following the dismantling of Sinbad.io’s infrastructure in late 2023. A third defendant, Anton Vyachlavovich Tarasov, 32, remains at large.
The Allegations
According to court documents, Blender.io and Sinbad.io provided cryptocurrency mixing services that allowed users to anonymize digital transactions. Malicious actors and state-sponsored hacking groups allegedly exploited these services to launder proceeds from ransomware attacks, cryptocurrency thefts, and other nefarious deeds.
“By allegedly operating these mixers, the defendants made it easier for state-sponsored hacking groups and other cybercriminals to profit from offenses that jeopardized both public safety and national security. The indictment and arrests announced today, which follow the earlier takedown of the defendants’ criminal infrastructure, yet again demonstrate the value of our international partnerships in countering the global threat from cybercrime,” said Brent Wible, Principal Deputy Assistant Attorney General of the Justice Department’s Criminal Division.
Blender.io, which operated from 2018 to 2022, advertised itself as a service with a “No Logs Policy,” ensuring users’ anonymity by avoiding the collection of personal details. After its shutdown, Sinbad.io emerged, offering similar services until its takedown on 27 November 2023 through coordinated law enforcement actions.
International Collaboration and Sanctions
The investigation’s success is an example of the importance of international cooperation. Authorities from the Netherlands, Finland, and the FBI played critical roles in dismantling Sinbad.io and identifying those responsible for its operations.
“This indictment demonstrates our continued commitment to dismantling infrastructure used by cybercriminals to steal from Americans and hide their ill-gotten gains,” added US Attorney Ryan Buchanan for the Northern District of Georgia.
“Last year, with the assistance of our international partners, we successfully dismantled sinbad.io,” said Acting Special Agent in Charge Sean Burke of the FBI Atlanta Field Office. “However, we did not rest with this initial success. We maintained our focus on identifying the individuals responsible for its development and ensuring their accountability. These indictments serve as a testament to the power of international cooperation.”
Both platforms have been sanctioned by the US Department of Treasury’s Office of Foreign Assets Control (OFAC). Blender.io was sanctioned in May 2022 for laundering funds linked to North Korean hacking groups and ransomware operations. Sinbad.io received similar sanctions in November 2023.
Charges and Penalties
Ostapenko faces one count of conspiracy to commit money laundering and two counts of operating an unlicensed money-transmitting business. Oleynik and Tarasov are each charged with one count of conspiracy to commit money laundering and one count of operating an unlicensed money-transmitting business.
If convicted, the defendants face up to 20 years in prison for the money laundering charges and up to five years for each count related to unlicensed businesses.
Ongoing Investigation
The FBI is leading the investigation, with support from international partners, including law enforcement agencies in the Netherlands, Finland, and Australia.
Trial Attorney Ethan Cantor of the Justice Department’s National Cryptocurrency Enforcement Team and Assistant US Attorney Samir Kaushal for the Northern District of Georgia are prosecuting the case.
Authorities stress that an indictment is merely an allegation, and all defendants are presumed innocent unless proven guilty in court.
For more information, visit justice.gov.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.