Major Operation Against AudiA6 Crypto Money Laundering
A major collaborative operation led by law enforcement agencies from 11 different nations has successfully dismantled the AudiA6 crypto money laundering operation, significantly impacting the global cybercrime landscape. The initiative, which took place from 2022 to 2025, managed to intercept over 336 million euros, equivalent to approximately $390 million, in illicit financial transactions.
Key Arrests and Seizures
On Wednesday, officials apprehended two key figures in Georgia—nationals from Russia and Ukraine—who were identified as administrators of the AudiA6 platform. In addition to their arrest, law enforcement seized 25 domains, more than 30 servers, and 80 vehicles, along with freezing around $900,000 in cryptocurrency holdings. This operation was coordinated by the European Union Agency for Criminal Justice Cooperation, known as Eurojust.
Operation Details
The AudiA6 service operated as a “mixer-as-a-service”, which allowed cybercriminals to obscure the origins of stolen cryptocurrency and facilitated their cash out options, mainly connected to ransomware activities. Users could “clean” their crypto within an hour for a commission of 3% to 10%. Reports from Chainalysis indicated that since its inception in 2021, AudiA6 wallets processed roughly 10,333 BTC—valued at around $389 million—during the relevant transactions.
Connections to Broader Cybercrime Networks
Additionally, the cybercriminal network behind AudiA6 is allegedly associated with another forum, named “Dark2Web”, which serves as a platform for advertising illegal services and connecting criminals on a global scale, as per Eurojust. The operation involved significant international cooperation, relying on law enforcement from countries including the United States, Australia, Canada, Germany, and others, with coordination through Eurojust and Europol.
Fraudulent Accounts and Ransomware Links
In the course of the investigation, authorities uncovered thousands of fraudulent accounts created using stolen or illegally purchased identities. More than 6,000 records related to these accounts, known as “money mule accounts”, were discovered, mostly tied to Russian-speaking individuals tasked with facilitating the movement of these stolen funds through various crypto exchanges.
Reports also suggested that AudiA6 was involved in laundering part of ransom proceeds paid by an Australian business in 2024 following a ransomware attack, as confirmed by the Australian Federal Police, who participated in the inquiry. Following the operation, both the regular and dark web versions of the AudiA6 and Dark2Web services have been replaced with seizure notices.
Escalating Ransomware Threats
As the threat of ransomware continues to escalate, with a reported 50% increase in such attacks by 2025, data from Emsisoft reveals that 97 countries recorded ransomware attacks in the first quarter of 2026 alone. The statistics indicate that a staggering 64.7% of all victims were located in the United States, highlighting a shift towards dominance by fewer, more powerful ransomware operating groups. According to recent research, the top 10 of these groups were responsible for a staggering 71% of all ransomware incidents reported during the same period.
