Feds Seize AudiA6 and Dark2Web in $389M Crypto Laundering Case

Summary

An international operation led by the US Secret Service and IRS-CI has dismantled the cryptocurrency laundering service AudiA6 and its associated illegal forum, Dark2Web. Two suspects, Ruslan Tkachuk and Alexander Ledenev, were arrested in Georgia and face charges related to laundering over $389 million in illicit funds, including significant amounts from ransomware and dark web markets. Servers and domains in multiple countries were seized, and the clear and dark web sites are now offline.

Full text

Cyber Crime Dark WebFeds Seize AudiA6 and Dark2Web in $389M Crypto Laundering Case Feds seized AudiA6 and Dark2Web in a major crypto laundering case, arresting two suspects linked to over $389M in alleged illicit transactions. byDeeba AhmedJune 12, 20262 minute read A major international operation has led to the complete shutdown of a cryptocurrency laundering service, AudiA6, and the arrest of its operators in Batumi, Georgia. This development results from a large-scale joint investigation by the US Secret Service Cyber Investigative Section and the IRS Criminal Investigation (IRS-CI). The two individuals arrested have been identified as 37-year-old Ukrainian national Ruslan Igorevich Tkachuk and 25-year-old Russian Alexander Vladimirovich Ledenev. A criminal complaint has been filed against them in the Eastern District of Pennsylvania, in which they are charged with conspiring to launder monetary instruments and to commit money laundering. Both the accused, who are currently in a Georgian jail awaiting extradition, face up to 20 years in prison if convicted. Uncovering the AudiA6 Operation The criminal complaint alleges that Tkachuk and Ledenev were senior members of the AudiA6 organisation. They managed the money laundering service alongside an illegal forum called Dark2Web, where they actively advertised their capabilities. AudiA6 promised to conceal and disguise the origin of traceable cryptocurrency for a fee of up to five percent. Federal investigators used blockchain analysis tools to audit the network’s financial records. They discovered that approximately 10,333 Bitcoin (worth roughly $389,747,417 at the time) were received in AudiA6 wallets since its launch in 2021. Further research revealed that 393.39 BTC (worth around $19,234,331) came directly from ransomware organisations, dark web markets, and similar other cybercrime platforms. Additional illicit funds were routed indirectly into the platform to blend with clean transactions. Seizure of the Criminal Setup The joint action simultaneously targeted the group’s physical and digital assets. Personnel searched three properties and seized digital devices. They blocked active Telegram accounts used by the network and froze remaining cryptocurrency assets. Seizure banner (Source: the US Department of Justice) Furthermore, federal agents took control of the criminal operation by seizing servers and domains located in the United States, Iceland, Germany, and France. Both the clear web and dark web sites for AudiA6 and Dark2Web have been taken offline and replaced with a law enforcement seizure banner. This operation also involved support from Europol, Eurojust, and law enforcement authorities from Australia, Canada, France, Germany, Iceland, Japan, Poland, and Switzerland. According to Europol’s press release, the AudiA6 group used both commercial email providers and email addresses linked to domains under its control to register money mule accounts with cryptocurrency exchanges. Authorities have made the domains public so exchanges can identify and block accounts associated with the laundering service. The listed domains include the following addresses: smplfy.inlett.emailtrayo.apppheontx.eumailora.euqube.blackpostfast.eupostino.clickquix.expresspostify.emaildeliverly.topinboxly.topflowcomm.clicklettermail.eudeliverlett.comdesignli.picturessumato-soft.orgtechnobrains.devinboxally.agency. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts AudiA6BlockchainCryproCryptoCyber CrimeCybersecuritydark webDark2Web Leave a Reply Cancel reply View Comments (0) Related Posts Security Cyber Crime Malware Marcher Android Banking Trojan Combines 3 Threats Into 1 Scheme In February 2017 we reported about Marcher Android banking Trojan, which was discovered by Dutch security firm Securify’s… byWaqas Cyber Crime Censorship Scams and Fraud Be Prepared for Jail Time if You Post Fake News on Social Media in Saudi Arabia Saudi Arabia’s Ministry of Culture and Information has issued tough warnings to media organizations that relish spreading rumors… byOwais Sultan Read More Cyber Crime Crypto Terraform Labs Founder Do Kwon Extradited to US, Faces 130-Year Sentence SUMMARY: Do Hyeong Kwon (Do Kwon), the 33-year-old co-founder and former CEO of Terraform Labs, has been extradited… byWaqas Cyber Crime Cyber Attacks Bitcoin exchange hit by DDoS attack after kidnapping of its official (Updated) Bitcoin is one of those cryptocurrencies whose value has rapidly increased making it a lucrative target for cybercriminals… byWaqas

Indicators of Compromise

• domain — smplfy.inlett.email
• domain — trayo.app
• domain — pheontx.eu
• domain — mailora.eu
• domain — qube.black
• domain — postfast.eu
• domain — postino.click
• domain — quix.express
• domain — postify.email
• domain — deliverly.top
• domain — inboxly.top
• domain — flowcomm.click
• domain — lettermail.eu
• domain — deliverlett.com
• domain — designli.picturess
• domain — sumato-soft.org
• domain — technobrains.dev
• domain — inboxally.agency

Entities