Key Highlights
- International law enforcement coalition successfully dismantled AudiA6, a major cryptocurrency laundering operation serving ransomware criminals
- The criminal enterprise facilitated the laundering of approximately 10,333 BTC, worth an estimated $389 million in historical value, starting in 2021
- Georgian authorities apprehended two key operators β one Ukrainian, age 37, and one Russian, age 25 β with US extradition proceedings underway
- The operation leveraged more than 6,000 fraudulent KYC-verified accounts to channel illicit cryptocurrency through mainstream exchanges
- Authorities simultaneously seized Dark2Web, a darknet platform marketing criminal services
A coordinated international law enforcement effort has successfully taken down AudiA6, a sophisticated cryptocurrency laundering operation that facilitated approximately $390 million in illegal transactions spanning four years. The operation simultaneously dismantled Dark2Web, a connected underground marketplace.
Georgian law enforcement detained two individuals believed to be the network’s primary administrators. The United States Department of Justice has filed extradition requests for both suspects.
The multinational investigation was orchestrated through Eurojust and Europol, bringing together law enforcement agencies from eleven nations: the United States, Australia, France, Germany, the United Kingdom, Canada, Japan, Switzerland, Iceland, Poland, and Georgia.
The AudiA6 Operating Model
AudiA6 functioned as a specialized “mixer-as-a-service” platform. The network accepted tainted cryptocurrency from ransomware operations and various cybercriminal enterprises, then returned laundered funds β typically completing transactions within 60 minutes β while charging commissions ranging from 3% to 10%.
According to blockchain intelligence provider Chainalysis, the operation processed roughly 10,333 Bitcoin from its 2021 inception, representing approximately $389 million in historical valuation.
Forensic analysis identified at minimum 393 BTC β currently valued above $19 million β originating directly from confirmed ransomware operators and underground marketplaces. Investigators determined that over $16 million specifically connected to ransomware attacks and theft passed through the laundering service.
The criminal network circumvented legitimate cryptocurrency platforms by channeling funds through more than 6,000 fraudulent KYC-verified accounts. These compromised “money mule” accounts had successfully completed identity verification procedures, effectively camouflaging the criminal transactions.
Chainalysis investigators also established connections between AudiA6’s fund extraction methods and Russian exchanges under sanctions, including Bitzlato and Garantex, as well as Exploit.in, a Russian-language cybercrime community.
Dark2Web Platform Shuttered
Concurrent with the AudiA6 shutdown, authorities eliminated Dark2Web β an underground forum facilitating connections between cybercriminals and promoting illegal services internationally.
Both clearnet and darknet iterations of these platforms now display law enforcement seizure notices. The operation resulted in the confiscation of 25 domain names, over 30 servers, and 80 vehicles. Approximately $900,000 in cryptocurrency assets were frozen.
According to the Australian Federal Police, AudiA6 processed portions of a ransom payment made by an Australian company following a 2024 ransomware incident.
This enforcement action arrives amid sustained ransomware activity worldwide. First-quarter 2026 data shows ransomware incidents occurring across 97 nations. American targets comprised 64.7% of documented victims, based on Emsisoft reporting.
Check Point Research findings from May revealed that the ten most prominent ransomware operations accounted for 71% of all Q1 2026 victims, indicating concentration among fewer but more prolific criminal groups.
The AudiA6 investigation demonstrates law enforcement’s expanding focus on the financial infrastructure enabling cybercrime β extending beyond individual attack campaigns.
Investigators employed blockchain forensics to map transaction flows, correlate digital wallets with actual operators, and identify exchange accounts linked to criminal organizations β an investigative approach increasingly standard in cryptocurrency-related prosecutions.
