TL; DR
- Chainalysis says law enforcement has dismantled AudiA6, a crypto-money laundering network linked to ransomware and darknet activity.
- The company says the network has processed approximately 10,333 BTC since 2021, historically valued at approximately $389 million.
- Authorities have arrested two suspected high-ranking executives in Georgia as the US seeks extradition.
- The case highlights how illicit crypto payout networks can rely on legitimate exchanges, mule accounts, and darknet infrastructure.
An international law enforcement operation has dismantled a cryptocurrency money laundering network known as AudiA6, according to the blockchain analytics firm Chain analysisin a case that shows how ransomware-linked funds can move through a mix of darknet services, mule accounts and centralized exchange infrastructure.
In a June 11 report, Chainalysis said the operation targeted AudiA6, which it described as a cryptocurrency laundering platform and “mixer-as-a-service” provider used by ransomware actors, darknet markets and other cybercrime services. The company said the network has processed approximately 10,333 bitcoin since its launch in 2021, historically valued at approximately $389 million.
Law enforcement takes action against AudiA6
According to Chainalysis, the coordinated enforcement actions involved multiple agencies, including the U.S. Department of Justice, the U.S. Secret Service, Europol and other international partners. Authorities arrested two suspected high-ranking executives in the Republic of Georgia: a 37-year-old Ukrainian citizen and a 25-year-old Russian citizen. The United States is demanding his extradition.
Law enforcement has also seized digital infrastructure in the United States and Europe. Chainalysis said the websites associated with AudiA6 and an associated darknet cybercrime forum called Dark2Web were replaced with seizure banners, effectively cutting off access to infrastructure that would have helped criminal actors advertise, coordinate and pay out illicit proceeds.
The case is significant because the AudiA6 was not presented as a simple, standalone mixer. Chainalysis described the network as part of a broader ecosystem in which cybercriminals could connect through Dark2Web, arrange money laundering services and move money through a payout pipeline that touched both illicit and legitimate parts of the crypto economy.
How Chainalysis says the network worked
Chainalysis said AudiA6 used more than 6,000 KYC-verified money mule accounts to move funds through centralized cryptocurrency exchanges. In practice, this means that the network would have exploited legitimate exchange infrastructure by sending illicit funds through accounts that had passed identity checks, making the activity more difficult to distinguish from normal user transactions.
The company said researchers have traced at least 393 BTC, historically valued at more than $19 million, coming directly from known ransomware actors, darknet markets and other cybercrime services. Chainalysis also said that more than $16 million specifically related to ransomware and stolen funds was flushed through the network.
The money laundering service allegedly charged a commission of between 3% and 10%. Chainalysis said the system could return hidden funds to customers within an estimated time frame of one hour, giving criminal users a relatively quick way to convert or move proceeds after attacks.
The report also linked AudiA6’s payout infrastructure to sanctioned Russian exchanges, including Bitzlato and Garantex, and said the network had significant exposure to Exploit.in, a Russian-language cybercrime forum that operates an escrow service. Chainalysis also noted that Europol identified domains allegedly used by administrators to register fraudulent mule accounts, including designli.pictures, deliverly.top and inboxly.top.
Why this matters for crypto enforcement
For the broader crypto market, the AudiA6 case is a reminder that enforcement pressure is increasingly focused on the infrastructure surrounding cybercrime, not just the initial thefts or ransomware payments. Researchers are looking at the next destination of money, which services enable payouts, and how illicit actors are trying to blend into compliant platforms.
That distinction is important. Centralized exchanges and payment rails are not necessarily the origin of criminal activity, but they can become attractive targets for money laundering networks if mule accounts and weak monitoring practices create enough space for bad actors to operate. The Chainalysis report suggests that AudiA6 leaned heavily on that gap.
The case also underlines why blockchain analysis has become a central part of crypto-related law enforcement. Public blockchains can provide investigators with a trail of transactions, but turning that trail into an enforcement action often requires linking wallets, service infrastructure, domains, payout accounts, and real operators.
For legitimate crypto users and companies, the conclusion is not that crypto is only criminal. It’s that the same transparency that allows funds to move globally can also give investigators a map of when money laundering networks become large enough to leave patterns.
With the takedown of AudiA6, law enforcement appears to be sending a clear message: the services that help ransomware groups and darknet vendors turn crypto into usable funds are now firmly in their crosshairs.