TL;DR
- Chainalysis says law enforcement has dismantled AudiA6, a cryptocurrency laundering network linked to ransomware and darknet activity.
- The company says the network processed approximately 10,333 BTC since 2021, historically valued at approximately $389 million.
- Authorities have arrested two suspected high-ranking figures in Georgia, while the United States seeks their extradition.
- The case shows the extent to which illicit crypto cash-out networks can rely on legitimate exchanges, mule accounts and darknet infrastructure.
An international law enforcement operation has dismantled a cryptocurrency laundering network known as AudiA6, according to blockchain analytics firm Chainalysis, in a case that shows how ransomware-related funds can flow through a combination of darknet services, mule accounts and centralized exchange infrastructure.
In a June 11 report, Chainalysis said the operation targeted AudiA6, which it described as a cryptocurrency laundering platform and “mixer as a service” provider used by ransomware actors, darknet marketplaces and other cybercrime services. The company said the network processed approximately 10,333 bitcoins since its launch in 2021, historically valued at approximately $389 million.
Law enforcement targets AudiA6
According to Chainalysis, the coordinated enforcement action involved multiple agencies, including the US Department of Justice, US Secret Service, Europol and other international partners. Authorities arrested two suspected high-ranking figures in the Republic of Georgia: a 37-year-old Ukrainian national and a 25-year-old Russian national. The United States is seeking their extradition.
Law enforcement also seized digital infrastructure in the United States and Europe. Chainalysis said websites linked to AudiA6 and an associated darknet cybercrime forum called Dark2Web were replaced with seizure banners, cutting off access to the infrastructure that allegedly helped criminal actors advertise, coordinate and cash out illicit proceeds.
The case is significant because AudiA6 was not presented as a simple standalone mixer. Chainalysis described the network as part of a larger ecosystem in which cybercriminals could connect through Dark2Web, organize laundering services, and move funds through a cash-out pipeline that touched both illicit and legitimate parts of the crypto economy.
How Chainalysis Says the Network Works
Chainalysis said AudiA6 used more than 6,000 KYC-verified money mule accounts to help move funds through centralized cryptocurrency exchanges. In practice, this means that the network allegedly exploited legitimate exchange infrastructure by routing illicit funds through accounts that had passed identity checks, making the activity more difficult to distinguish from normal user transactions.
The company said investigators traced at least 393 BTC, historically valued at more than $19 million, directly to known ransomware actors, darknet marketplaces and other cybercrime services. Chainalysis also said that more than $16 million specifically related to ransomware and stolen funds had been laundered through the network.
The laundering service allegedly charged a commission of between 3 and 10%. Chainalysis said the system could return obfuscated funds to customers within an estimated hour, providing criminal users with a relatively quick way to convert or move funds after attacks.
The report also links AudiA6’s cash-out infrastructure to sanctioned Russian exchanges, including Bitzlato and Garantex, and states that the network has significant exposure to Exploit.in, a Russian-language cybercrime forum that operates an escrow service. Chainalysis also noted that Europol had identified domains allegedly used by admins to register fraudulent mule accounts, including designli.pictures, delivery.top and inboxly.top.
Why this matters for crypto enforcement
For the broader crypto market, the AudiA6 case is a reminder that enforcement pressure is increasingly focused on the infrastructure around cybercrime, not just initial thefts or ransomware payments. Investigators are looking into where the funds go next, which services facilitate cash-outs and how illicit actors attempt to blend in with compliant platforms.
This distinction is important. Centralized exchanges and payment networks do not necessarily drive criminal activity, but they can become attractive targets for laundering networks if mule accounts and weak monitoring practices leave enough room for bad actors to operate. The Chainalysis report suggests that AudiA6 relied heavily on this gap.
The case also highlights why blockchain analysis has become a central part of crypto-related law enforcement. Public blockchains can provide investigators with a trace of transactions, but turning that trace into an enforcement action often requires linking wallets, service infrastructure, domains, cash-out accounts, and real-world operators.
For legitimate crypto users and businesses, the takeaway is not that crypto is solely criminal. Rather, the same transparency that allows funds to flow globally can also give investigators visibility when laundering networks become large enough to leave traces behind.
With the takedown of AudiA6, law enforcement appears to be sending a clear message that services that help ransomware groups and darknet sellers convert cryptocurrencies into usable funds are now firmly in the crosshairs.


