US charges operators of cryptomixers linked to ransomware gangs
The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency.
Cryptocurrency mixers mix deposited crypto assets among many wallet addresses to help obfuscate their source. The services take a commission on all crypto deposited for laundering before sending it on to another wallet address owned by the customer.
Russian citizens Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov were each charged on Friday with operating an unlicensed money-transmitting business and conspiracy to commit money laundering.
"According to the indictment, the defendants operated cryptocurrency 'mixers' that served as safe havens for laundering criminally derived funds, including the proceeds of ransomware and wire fraud," said Brent S. Wible, the head of the Justice Department's Criminal Division.
"By allegedly operating these mixers, the defendants made it easier for state-sponsored hacking groups and other cybercriminals to profit from offenses that jeopardized both public safety and national security."
Blender.io, which operated from approximately 2018 to 2022, was also used by Lazarus hackers to launder $500 million of the $617 million stolen from Axie Infinity's Ronin bridge, the largest cryptocurrency hack up to that date.
Sinbad.io began operating a few months after Blender.io's shutdown, providing users with similar cryptocurrency-mixing services. In November 2023, the U.S., the Netherlands, and Poland seized its clear web and dark web domains in a joint international law enforcement operation.

Blender.io and Sinbad.io were sanctioned by the Department of the Treasury's Office of Foreign Assets Control (OFAC) in May 2022 and November 2023, respectively, for being used by North Korean state-sponsored hacking groups and ransomware operations to launder stolen virtual currency.
Oleynik and Ostapenko were arrested on December 1, 2024, just over a year after Sinbad.io's online infrastructure was seized, while Tarasov, the third cryptomixer operator, remains at large.
"Blender.io and Sinbad.io were allegedly used by criminals across the world to launder funds stolen from victims of ransomware, virtual currency thefts, and other crimes," U.S. Attorney Ryan K. Buchanan added.
"This indictment demonstrates our continued commitment to dismantling infrastructure used by cybercriminals to steal from Americans and hide their ill-gotten gains."