U.S., European authorities dismantle AudiA6 crypto mixer; two arrested in Batumi, Georgia

U.S. prosecutors and European authorities said they dismantled a cryptocurrency laundering service known as AudiA6, replacing its websites with seizure banners and disrupting what the Justice Department described as a major route for washing cybercrime proceeds. The DOJ said blockchain analysis found that since AudiA6 launched in 2021, about 10,333 bitcoin worth roughly $389.7 million at the time of the transactions had been deposited into wallets tied to the service. Prosecutors said it was used to help obscure funds linked to ransomware groups, darknet markets and other illicit activity.

Two alleged administrators were arrested in Batumi, Georgia, according to the DOJ and Europol. U.S. prosecutors identified them as Ruslan Igorevich Tkachuk, 37, also known as “AudiA6” and “xai,” and Alexander Vladimirovich Ledenev, 25, also known as “Azazello.” Both are in Georgian custody, and the United States said it will seek their extradition to the Eastern District of Pennsylvania. A criminal complaint filed June 2 and announced publicly Thursday charges both men with conspiracy to launder monetary instruments and sting money laundering. If convicted, each faces up to 20 years in prison, the DOJ said.

Europol said the takedown was part of a coordinated operation involving the U.S. Secret Service, IRS Criminal Investigation, Europol, Eurojust and partner agencies in at least 11 countries. Authorities searched three properties in Georgia, took down 25 domains, seized or shut down more than 30 servers and blocked Telegram accounts linked to the network, according to Europol. The agency also said investigators froze or seized cryptocurrency assets and seized more than 80 vehicles and multiple properties in Georgia. AudiA6 and related pages were replaced with law enforcement seizure notices, according to the DOJ and Europol.

A crypto mixer, sometimes called a coin-mixing or coin-swapping service, takes in cryptocurrency and routes it through multiple transactions or addresses before sending different coins or outputs back to the user. The aim is to make the original source of the funds harder to trace on public blockchains. Law enforcement agencies say that matters because ransomware groups and other cybercriminals often use such services to cash out or move proceeds while obscuring where the money came from. Europol described AudiA6 as a mixer and coin-swapping laundering service that returned “cleaned” funds, often through rapid chains of transactions, and said it was linked to more than 15 ransomware and large-theft investigations.

The U.S. allegations focus on the platform’s overall transaction volume, not on a single wallet seized in the operation. The DOJ said about 393.39 bitcoin, worth roughly $19.23 million at the time of the transactions, came directly from known darknet markets, ransomware groups, cybercrime services and other illicit sources, and prosecutors allege additional funds came indirectly from illicit sources. Europol, using a different currency and time window, said the service handled about 336 million euros from 2022 to 2025. The Australian Federal Police, or AFP, put the figure at about $542 million over 2022 to 2025. The action-day asset figures were much smaller: Europol said 692,000 euros were frozen and 86,000 euros seized, while the AFP said $1.1 million was frozen and $141,000 seized.

“The AFP and our partners have the same goal - to disrupt cybercrime activity and hold alleged offenders to account,” AFP Cybercrime Commander Graeme Marshall said in an Australian Federal Police release.

The operation removed a laundering route that authorities say was used by ransomware actors, darknet vendors and other cybercrime groups, and it did so through a cross-border effort spanning at least 11 countries.