International law enforcement has brought down **AudiA6**, a sophisticated cryptocurrency service that acted as a central hub for laundering over $380 million in proceeds from ransomware attacks and other cybercrimes. **Europol** confirmed that the service has been linked to more than 15 distinct international investigations into ransomware operations, facilitating illicit transactions between 2022 and 2025. "Investigators uncovered what they describe as an industrial-scale cryptocurrency laundering operation built around thousands of fraudulent exchange accounts opened using stolen or purchased identities," **Europol** stated. "Analysis conducted by **Europol** linked the criminal service to more than 15 investigations worldwide involving ransomware attacks and large-scale cryptocurrency theft." ### The Modus Operandi of AudiA6 **AudiA6** was marketed as a "professional cryptocurrency mixing service." In reality, it accepted cybercrime proceeds, obscured their origin through complex transaction routes, and returned "cleaned" funds to criminals within approximately an hour. This service came at a commission of 3-10%. Previous reports from security firms like **Intel471** and blockchain investigator **ZachXBT** had already exposed **AudiA6** for its role in enabling illegal financial activities. ### A Global Collaborative Effort The successful dismantling operation involved authorities from 11 countries spanning Europe, America, and Asia, with support from **Europol** and **Eurojust**. The breakthrough came in September 2025 with the arrest of a Ukrainian national in Poland, who was linked to **AudiA6**. Forensic examination of the suspect's devices provided crucial intelligence, leading investigators to key individuals behind the operation. This intelligence culminated in arrests in Georgia, targeting the alleged administrators of the service. ### Operational Outcomes Yesterday's coordinated action resulted in significant seizures and arrests: * Two individuals arrested in Georgia. * Three properties searched. * 25 domains seized. * 80 vehicles and properties seized. * €86,000 (approximately $99,000) in cryptocurrency seized. * €692,000 (approximately $798,000) in cryptocurrency frozen. * Telegram accounts used by the network blocked.  The two arrested individuals, identified as a Ukrainian and a Russian national, are believed to be administrators not only of **AudiA6** but also of the underground forum **Dark2Web**, a platform where cybercriminals advertised illicit services. Both **AudiA6** and **Dark2Web** websites now display seizure notices. ### Charges and Further Revelations The **U.S. Department of Justice** has named **Ruslan Igorevich Tkachuk** (37) and **Alexander Vladimirovich Ledenev** (25) as senior members of the **AudiA6** platform. They are currently in the custody of Georgian authorities and face potential sentences of up to 20 years in prison for their role in facilitating cybercrime laundering. The **DoJ** stated, "Out of the approximately 10,333 bitcoin deposited, approximately 393.39 BTC (valued at around $19,234,331 at the time of the transactions) were received directly from known darknet markets, ransomware organizations, cybercrime services, and other illicit sources, while additional funds were deposited indirectly from illicit sources into **AudiA6** wallets." Beyond the administrators, authorities also recovered 6,000 'Know-Your-Customer' (KYC) records linked to money mule accounts. **Europol** indicated these accounts were created using stolen or purchased identities, often recruited by Russian-speaking intermediaries. This extensive network of money mules utilized multiple domains to register accounts on cryptocurrency exchanges, information **Europol** has disseminated to help platforms block them and strengthen their defenses against similar illicit activities.