Key Takeaways
- International law enforcement from 11 nations successfully dismantled AudiA6, a major cryptocurrency laundering operation serving ransomware criminals
- The criminal network laundered approximately 10,333 BTC, with a historical value of about $389 million, starting in 2021
- Authorities arrested two key figures — one Ukrainian and one Russian citizen — in Georgia, with US extradition proceedings underway
- The operation exploited more than 6,000 fraudulent KYC-verified accounts to channel illicit cryptocurrency through mainstream exchanges
- Investigators simultaneously seized Dark2Web, an underground marketplace facilitating criminal service advertisements
A coordinated international law enforcement effort has successfully taken down AudiA6, a sophisticated cryptocurrency money laundering operation that cleaned approximately $390 million in illegal proceeds across a four-year span. Authorities simultaneously seized Dark2Web, an associated darknet marketplace linked to the criminal enterprise.
Investigators apprehended two individuals believed to be running the operation in the Republic of Georgia — a 37-year-old Ukrainian citizen and a 25-year-old Russian citizen. US authorities are currently pursuing extradition for both suspects.
The multinational operation received coordination support from Eurojust and Europol, involving law enforcement representatives from the United States, Australia, France, Germany, the United Kingdom, Canada, Japan, Switzerland, Iceland, Poland, and Georgia.
Inside the AudiA6 Operation
AudiA6 functioned as a professional “mixer-as-a-service” platform. The service accepted illicit cryptocurrency from ransomware operations and various cybercriminal enterprises, then returned laundered funds — typically within 60 minutes — while collecting fees ranging from 3% to 10%.
According to blockchain intelligence provider Chainalysis, the criminal enterprise processed roughly 10,333 Bitcoin from its 2021 inception, representing a historical dollar value of approximately $389 million.
Forensic analysis revealed that no less than 393 BTC — currently valued above $19 million — came directly from identified ransomware operations and illicit darknet marketplaces. Investigators determined that over $16 million specifically connected to ransomware attacks and stolen assets moved through this laundering service.
The criminal network weaponized legitimate cryptocurrency platforms by funneling proceeds through more than 6,000 counterfeit KYC-verified accounts. These compromised “money mule” profiles had successfully passed verification procedures, effectively camouflaging the criminal transactions.
Chainalysis research additionally connected AudiA6’s withdrawal infrastructure to Russian exchanges under sanctions, including Bitzlato and Garantex, as well as Exploit.in, a Russian-language cybercrime community.
Dark2Web Marketplace Taken Offline
In addition to dismantling AudiA6, law enforcement shut down Dark2Web — a criminal marketplace forum that connected cybercriminals and promoted illegal services internationally.
Both surface web and dark web iterations of these platforms now display official law enforcement seizure notifications. The operation resulted in confiscating 25 domain names, over 30 physical servers, and 80 motor vehicles. Approximately $900,000 in cryptocurrency assets were frozen during the raids.
According to Australian Federal Police statements, AudiA6 processed a portion of ransom payment from an Australian company victimized by a 2024 ransomware incident.
This takedown arrives during a period of sustained ransomware activity. Ransomware incidents were documented across 97 nations during the first quarter of 2026. United States organizations represented 64.7% of all identified victims, based on Emsisoft data.
Check Point Research disclosed in May that the leading 10 ransomware collectives accounted for 71% of all victims during Q1 2026, indicating the threat landscape is concentrating around fewer but increasingly aggressive threat actors.
The AudiA6 investigation demonstrates that authorities are increasingly focusing on the complete financial infrastructure supporting cybercrime — extending beyond just the initial attacks.
Investigators leveraged blockchain forensics to track transaction flows, associate digital wallets with physical operators, and connect exchange profiles to organized criminal networks — an investigative approach that has become increasingly standard in cryptocurrency-related law enforcement operations.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
