An international law enforcement operation has dismantled a cryptocurrency laundering service widely used by ransomware gangs and other cyber-criminal groups.
The service, known as ‘AudiA6’, is suspected of laundering more than €336m ($389m) for cybercriminals between 2022 and 2025. It was seized following parallel investigations by law enforcement agencies in Europe and the US.
The investigation uncovered what is described as an “industrial-scale cryptocurrency laundering operation” which exploited thousands of stolen identities and accounts to fraudulently launder cryptocurrency for criminals.
Analysis by Europol suggested that AudiA6 was tied to laundering funds for least 15 ransomware operations and major cryptocurrency theft schemes.
The service used money mules to help transfer stolen cryptocurrency to wallets owned by AudiA6, with the funds passed through several wallets to help obfuscate the origin.
Cybercriminal customers contacted AudiA6 through private messaging apps and could expect to receive their laundered funds in under an hour. The operators charged commissions of up to 10% for the money laundering services.
The suspects behind AudiA6 are also believed to have administered the dark web forum ‘Dark2Web’, a criminal marketplace used to advertise illicit services and connect cybercriminal actors worldwide.
Agencies involved in the takedown were US Secret Service and the IRS Criminal Investigation, the Polish Police service and other European states and agencies, supported by Europol and Eurojust.
The coordinated action took place on June 10 and saw two alleged administrators of the service of Ukrainian and Russian nationality were arrested in the country of Georgia.
Three properties were searched, €692,000 ($800,000) in cryptocurrency was frozen and over €86,000 ($99,000) in cryptocurrency was seized.
Participating officers also took down 25 domains, seizedmore than 30 servers and blocked Telegram accounts used by the criminal network.
To mark the action, the clear web and dark web websites of the AudiA6 service and the Dark2Web cybercrime forum were replaced with a law enforcement seizure banner promoting the takedown.
The investigation reflects what Europol has identified as a growing threat: the rise of industrial-scale cryptocurrency laundering services powering the cybercrime economy.
“Ransomware groups and cybercriminal networks are increasingly relying on chain-hopping, decentralized exchanges and ‘mixer-as-a-service’ platforms to move illicit cryptocurrency across multiple blockchains within minutes, helping criminal profits disappear into the digital underground,” the agency warned.
