[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLYZIE2EUeRL_5lB2V2C6itkuQc89HEyUhBpO8wuaQpk":3},{"article":4,"iocs":57},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":31,"category":32,"article_tags":36},"731c8d52-bc82-4fb5-b563-7af083977097","Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs","europol-disrupts-audia6-crypto-laundering-service-used-by-ransomware-gangs-9e0f80","Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a \"key financial pipeline used to wash hundreds of millions in illicit profits.\" The service is estimated to have been used to launder more than €336 million (~$389 million) since the","Europol, in collaboration with the U.S. Department of Justice, has dismantled AudiA6, a cryptocurrency laundering service facilitating hundreds of millions in illicit profits for ransomware gangs and cybercriminal networks. The operation led to arrests, domain takedowns, server seizures, and the freezing of cryptocurrency assets. AudiA6 was used to launder over €336 million since 2021, often by obscuring the origin of funds through complex transactions and money mule accounts.","Europol disrupts AudiA6 crypto laundering service used by ransomware gangs.","Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs Ravie LakshmananJun 12, 2026Cybercrime \u002F Dark Web Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a \"key financial pipeline used to wash hundreds of millions in illicit profits.\" The service is estimated to have been used to launder more than €336 million (~$389 million) since the service was launched in 2021. \"The platform became a central hub for ransomware actors and cybercriminals seeking to cash out stolen digital assets while hiding the money trail from authorities,\" the agency added. The operators of AudiA6 are suspected to have also administered a dark web cybercrime forum known as Dark2Web, where cybercriminals advertised illicit services and connected with other threat actors across the world. As part of the operation that took place on June 10, 2026, a number of coordinated actions were carried out, including - The arrest of two alleged administrators of Ukrainian and Russian nationality in Georgia Three property searches Takedown of 25 domains and seizure of more than 30 servers Seizure of more than 80 vehicles and multiple properties in Georgia Freezing cryptocurrency assets worth €692,000 ($798,000) and seizure of €86,000 ($99,400) in cryptocurrency Blocking Telegram accounts used by the network Replacing the clear web and dark web websites of AudiA6 and Dark2Web with a law enforcement seizure banner In tandem, the U.S. Department of Justice (DoJ) announced charges against the two arrested individuals - Ruslan Igorevich Tkachuk, 37, and Alexander Vladimirovich Ledenev, 25 - accusing them of one count of conspiracy to launder monetary instruments and one count of sting money laundering. If convicted, both of them face a maximum possible sentence of 20 years in prison. \"Out of the approximately 10,333 bitcoin deposited, approximately 393.39 BTC (valued at around $19,234,331 at the time of the transactions) were received directly from known darknet markets, ransomware organizations, cybercrime services, and other illicit sources, while additional funds were deposited indirectly from illicit sources into AudiA6 wallets,\" the DoJ said. Europol said the crackdown was the result of an earlier enforcement action carried out by the Polish Police that led to the arrest of an Ukrainian national in September 2025 for their alleged involvement in money laundering activities connected to the AudiA6 group. This made it possible for authorities to initiate a forensic examination of the seized electronic devices belonging to the suspect and identify additional individuals linked to the operation. AudiA6 has been described as an industrial-scale cryptocurrency laundering operation that relied on thousands of fraudulent exchange accounts opened using stolen or purchased identities. The criminal service has been linked to more than 15 investigations worldwide related to ransomware attacks and large-scale cryptocurrency theft. Prior to its disruption, AudiA6 was marketed as a cryptocurrency mixing service guaranteeing anonymity and speed. It allowed customers to transfer their ill-gotten proceeds to wallets controlled by the group and received \"cleaned\" funds in return within an hour through a \"complex chain of transactions\" designed to conceal the origin of the funds. These transactions took place over private messaging platforms, with the operators charging commissions ranging from commissions of between 3 percent and 10 percent. \"More than 6,000 Know Your Customer (KYC) records linked to money mule accounts were identified during the investigation,\" Europol said. \"Many of the mule accounts were connected to Russian-speaking intermediaries recruited specifically to help move criminal proceeds through cryptocurrency exchanges.\" AudiA6 is also said to have relied on both commercial email providers and email addresses linked to domains under their control to register money mule accounts with various cryptocurrency exchanges. The names of the domains are listed below - designli.pictures pheontx.eu smplfy.in sumato-soft.org technobrains.dev lett.email trayo.app deliverly.top inboxly.top postfast.eu postino.click inboxally.agency mailora.eu postify.email quix.express flowcomm.click qube.black deliverlett.com lettermail.eu In a report published in November 2021, Intel 471 disclosed that AudiA6 required a minimum balance of 27 bitcoins and that it charged a flat service fee between 3 percent and 5.5 percent. As recently as December 2025, a TRM Labs analysis found that funds stolen from the 2022 LastPass hack were routed through Cryptex and AudiA6. The investigation was carried out by the United States Secret Service and the IRS Criminal Investigation, along with the Polish Police and law enforcement partners from Australia, Canada, France, Georgia, Germany, Iceland, Japan, Switzerland, and the U.K. The findings illustrate the rise of industrial-scale cryptocurrency laundering services that enable the cybercrime economy, as well as the use of fraudulent exchange accounts, mule wallets and privacy-focused tools designed to cover up the money trail and bypass anti-money laundering controls. \"Ransomware groups and cybercriminal networks are increasingly relying on chain-hopping, decentralised exchanges and 'mixer-as-a-service' platforms to move illicit cryptocurrency across multiple blockchains within minutes, helping criminal profits disappear into the digital underground,\" Europol said. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Blockchain, cryptocurrency, Cybercrime, cybersecurity, dark web, Europol, law enforcement, money laundering, ransomware ⚡ Top Stories This Week Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes New HTTP\u002F2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors + 20 New Stories ⭐ Featured Resources Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale Catch 88% of Malware Threats in Under 60 Seconds with Live Sandbox Analysis [Guide] Transform Network Operations with Intelligent Workflows See How Agentic AI Cuts Your SOC Triage Time in Half [Get a Demo]","https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Feuropol-disrupts-audia6-crypto.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEi8Of2v3fH68mBon8j-FkHg2vnpmDnEko0AOFIqTz07PQRxQdYgAO78dWxylFMVzJT4Z4Q8WI88zsOr6mRyBIW1Ym4gVAE21meQ3GqosaIn9f6i8u2bIuiq9Nn-pa0vYFqLK1Cy_evX4KEP_lfBD9UlmiqAl9SDjuXWbRTe8pnDnFDwgiMXEFcHi5lvDryQ\u002Fs1600\u002Fdark2web.jpg","2026-06-12T06:38:41+00:00","2026-06-12T10:00:14.563838+00:00",8,[18,21,23,26,29],{"name":19,"type":20},"Europol","vendor",{"name":22,"type":20},"U.S. Department of Justice",{"name":24,"type":25},"ransomware gangs","threat_actor",{"name":27,"type":28},"AudiA6","product",{"name":30,"type":28},"Dark2Web","e7b231c8-5f79-4465-8d38-1ef13aea5a14",{"id":31,"icon":33,"name":34,"slug":35},null,"Threat Intelligence","threat-intelligence",[37,42,47,52],{"category":38},{"id":39,"icon":33,"name":40,"slug":41},"2e06f76c-d5b9-4f54-9eef-4d3447b10730","Breaches","breaches",{"category":43},{"id":44,"icon":33,"name":45,"slug":46},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"category":48},{"id":49,"icon":33,"name":50,"slug":51},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":53},{"id":54,"icon":33,"name":55,"slug":56},"c5c77cdb-f7d7-4990-9436-c81dcbff1163","Policy","policy",[58],{"type":51,"value":27,"context":59},"Cryptocurrency laundering service."]