European Authorities Disrupt Major Cryptocurrency Laundering Operation: AudiA6
In a significant blow to the world of cybercrime, European authorities have successfully dismantled a prominent cryptocurrency laundering service known as AudiA6. This platform, utilized extensively by ransomware gangs and various cybercriminal networks, was central to laundering millions of euros in illicit profits. Europol announced the operation’s success on Thursday, asserting that the dismantling of AudiA6 has effectively severed what they deemed a vital financial pipeline used to launder over €336 million (an approximate value of $389 million) since its inception in 2021.
The agency emphasized that AudiA6 had emerged as a focal point for ransomware actors and cybercriminals aiming to cash out stolen digital assets while effectively obscuring their money trail from law enforcement. Such services have become essential for cybercriminals looking to navigate the complexities of digital transactions without being traced.
The operations to disrupt AudiA6 were conducted on June 10, 2026, involving a series of coordinated efforts across various jurisdictions. Notably, two individuals, believed to be the administrators of AudiA6 and of Ukrainian and Russian descent, were apprehended in Georgia. Furthermore, law enforcement conducted three property searches and executed the takedown of 25 associated domains. The operation resulted in the seizure of over 30 servers, as well as 80 vehicles and multiple properties in Georgia. Authorities also froze cryptocurrency assets worth €692,000 (approximately $798,000) and seized an additional €86,000 (about $99,400) in cryptocurrency. Furthermore, several Telegram accounts linked to the network were blocked, and websites associated with AudiA6 and another cybercrime forum called Dark2Web were replaced with law enforcement seizure banners, effectively rendering them inactive.
In conjunction with these efforts, the U.S. Department of Justice (DoJ) unveiled charges against the two arrested individuals, Ruslan Igorevich Tkachuk, 37, and Alexander Vladimirovich Ledenev, 25. They face serious allegations, including one count of conspiracy to launder monetary instruments and one count of money laundering. If found guilty, they could each receive a maximum sentence of 20 years in prison.
According to the DoJ, out of approximately 10,333 Bitcoin deposited in AudiA6, around 393.39 BTC (valued at approximately $19.2 million at the time of the transactions) originated from well-known darknet markets, ransomware organizations, and other illicit sources. This indicates the breadth of the operation’s reach within the illicit digital currency market.
The disruption of AudiA6 is believed to be a culmination of previous law enforcement efforts, including an operation carried out by Polish police which led to the arrest of a Ukrainian national in September 2025 for purported involvement in money laundering activities connected to AudiA6. This earlier investigation facilitated a forensic examination of electronic devices owned by the suspect, unveiling additional individuals tied to the operation.
Described as an "industrial-scale" cryptocurrency laundering service, AudiA6 relied on a complex network of fraudulent exchange accounts established with stolen or purchased identities. The service’s operations purportedly connected to more than 15 separate investigations globally related to ransomware incidents and significant cryptocurrency theft.
Prior to its disruption, AudiA6 marketed itself as a cryptocurrency mixing service, ensuring clients of anonymity and speed in their transactions. Customers could transfer their illegally obtained funds to wallets managed by AudiA6, receiving "cleaned" funds in return—typically within an hour—via a web of complex transactions designed to obscure the legitimate origins of the money.
The service charged commissions varying between 3% and 10%, highlighting the lucrative nature of such illicit operations. During the investigation, Europol identified over 6,000 Know Your Customer (KYC) records connected to money mule accounts, with many linked to Russian-speaking intermediaries specifically engaged to facilitate the movement of criminal proceeds through cryptocurrency exchanges.
AudiA6 further utilized commercial email providers and email addresses tied to domains they controlled to register money mule accounts across various cryptocurrency platforms. A list of implicated domains included a host of seemingly innocuous names designed to evade detection.
Amidst rising concerns about the proliferation of industrial-scale cryptocurrency laundering operations, experts and law enforcement assert that these services play critical roles in enabling the cybercrime economy. With growing reliance on tactics such as chain-hopping and decentralized exchanges, ransomware groups are leveraging "mixer-as-a-service" platforms to quickly convert and obscure their illicit cryptocurrency across multiple blockchains, effectively enabling them to vanish into the depths of the digital underground.
The investigation exemplifies the collaborative efforts of international law enforcement agencies, including the United States Secret Service, IRS Criminal Investigation, Polish police, and various global partners from nations like Australia, Canada, Germany, and the U.K. By coordinating these diverse efforts, authorities are making substantial headway in combatting the pervasive and evolving threats posed by cybercriminal networks utilizing cryptocurrency for illegal enterprises.