{"id":1497,"date":"2025-01-13T18:33:20","date_gmt":"2025-01-13T18:33:20","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1497"},"modified":"2025-01-13T18:33:20","modified_gmt":"2025-01-13T18:33:20","slug":"us-attacks-ransomware-supply-chain-with-indictment-of-three-cryptocurrency-mixer-operators","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1497","title":{"rendered":"US attacks ransomware supply chain with indictment of three cryptocurrency mixer operators"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The US Department of Justice indicted three Russian citizens on Friday for allegedly running services that helped criminals launder cryptocurrency; the services are suspected to have been used to hide the proceeds of ransomware attacks.<\/p>\n

The US Department of Treasury\u2019s Office of Foreign Assets Control (OFAC) had previously sanctioned the two cryptocurrency mixer services the accused are alleged to have operated, Blender.io<\/a> and Sinbad.io<\/a>, charging that they were used to launder virtual currencies.<\/p>\n

\u201cBy allegedly operating these mixers, the defendants made it easier for state-sponsored hacking groups and other cybercriminals to profit from offenses that jeopardized both public safety and national security,\u201d said the head of the Justice Department\u2019s Criminal Division, principal deputy assistant attorney general Brent Wible, in a statement<\/a>.<\/p>\n

<\/a>Part of ransomware takedown<\/h2>\n

The now-defunct platforms, Blender.io and Sinbad.io, enabled users to obscure the origins of their cryptocurrency funds for a fee, according to court documents and public records. They became a go-to for criminals, particularly those involved in ransomware attacks, to hide that their illicit gains stemmed from such cybercrimes.<\/p>\n

The earlier sanctions on the mixers, and now the indictments of those accused of operating them, appear to be part of a wider global law enforcement campaign against ransomware operators and those that enable them<\/a>.<\/p>\n

OFAC\u2019s announcement of sanctions on Blender.io had highlighted that the mixer was found facilitating money-laundering for Russian-linked ransomware groups including Trickbot<\/a>, Conti<\/a>, Ryuk<\/a>, Sodinokibi, and Grandcrab<\/a>.<\/p>\n

Active from 2018 to 2022, Blender.io advertised itself as a no-logs cryptocurrency mixer requiring no user details, ensuring anonymity. After Blender\u2019s shutdown, Sinbad.io offered similar services until law enforcement took it down on November 27, 2023.<\/p>\n

<\/a>Still at large<\/h2>\n

Roman Vitalyevich Ostapenko, 55, faces charges of one count of conspiracy to commit money laundering and two counts of operating an unlicensed money transmitting business. Alexander Evgenievich Oleynik, 44, and Anton Vyachlavovich Tarasov, 32, are charged with one count each of conspiracy to commit money laundering and operating an unlicensed money transmitting business.<\/p>\n

If found guilty, each defendant could receive up to 20 years in prison for the money laundering conspiracy and five years for each count of operating an unlicensed money transmitting business, according to Justice Department.<\/p>\n

While Ostapenko and Oleynik were reportedly arrested on Dec. 1, 2024, Tarasov remains at large.<\/p>\n

The US Justice Department said the Netherlands\u2019 Public Prosecution Service and Fiscal Information and Investigative Service played a key role in the case, contributing to the disruption of the Sinbad mixer and offering other valuable assistance.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The US Department of Justice indicted three Russian citizens on Friday for allegedly running services that helped criminals launder cryptocurrency; the services are suspected to have been used to hide the proceeds of ransomware attacks. The US Department of Treasury\u2019s Office of Foreign Assets Control (OFAC) had previously sanctioned the two cryptocurrency mixer services the […]<\/p>\n","protected":false},"author":0,"featured_media":1498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1497","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1497"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1497"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1497\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1498"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}