An international law enforcement operation involving 11 countries has dismantled AudiA6, a major cryptocurrency money laundering service. Authorities arrested two administrators, seized infrastructure, and froze $900,000 in crypto. The “mixer-as-a-service” processed over $390 million in illicit funds, primarily for ransomware gangs, between 2022 and 2025 by “cleaning” crypto for a commission.
An international law enforcement operation among 11 countries has shut down AudiA6, a money laundering ring that processed over $390 million in illicit funds between 2022 and 2025. On Wednesday, authorities arrested two administrators in Georgia and froze roughly $900,000 in cryptocurrency, stated the European Union Agency for Criminal Justice Cooperation.
The AudiA6 “mixer-as-a-service” was used by cybercriminals involved in ransomware attacks to cash out stolen crypto. It offered to “clean” crypto within about an hour for a 3% to 10% commission, concealing the movement of illicit funds.
Since 2021, AudiA6 wallets received approximately 10,333 BTC, valued at around $389 million at the time, reported Chainalysis. The cybercrime syndicate behind the service is also reportedly running a separate marketplace forum known as “Dark2Web”.
The crypto laundering ring was facilitated by thousands of fraudulent accounts using stolen or purchased identities. More than 6,000 Know Your Customer records linked to “money mule accounts” were identified during the investigation.
AudiA6 also laundered part of a ransom paid by an Australian business in 2024 following a ransomware extortion attack, according to the Australian Federal Police. Both the regular and dark web versions of AudiA6 and Dark2Web domains have been replaced with seizure banners.
Ransomware was recorded in 97 countries during the first quarter of 2026, but the distribution of attacks is becoming increasingly concentrated. The US accounted for 64.7% of all recorded victims, according to Emsisoft.
“The ransomware ecosystem is once again consolidating around fewer, more dominant operators,” reported Check Point Research in May. The top 10 ransomware groups accounted for 71% of all Q1 2026 victims.
