A major international operation has disrupted a cybercriminal money laundering service known as “AudiA6,” which investigators say was used by ransomware actors and other online criminals to convert stolen cryptocurrency into allegedly “cleaned” funds. According to authorities, the service helped disguise the flow of illicit assets from law enforcement by sending stolen digital money through a complex chain of transactions before returning the value to customers in a way intended to obscure the original source. The service reportedly charged commissions between 3% and 10% for the laundering process.
Investigators also say the group behind AudiA6 was operating a separate cybercrime forum called “Dark2Web.” The forum allegedly functioned as a marketplace for illicit services and a coordination point for cybercriminals around the world. Authorities describe the broader operation as an important infrastructure node for online crime, linking ransomware operators, money mules, and laundering channels across borders.
The coordinated action took place on 10 June in Georgia and led to several enforcement measures. Two alleged administrators were arrested in Georgia, three properties were searched, 25 domains were taken down, and more than 30 servers were seized. Authorities also confiscated over 80 vehicles and multiple properties in Georgia. In addition, EUR 692,000 in cryptocurrency was frozen and more than EUR 86,000 in cryptocurrency was seized during the action.
The investigation was supported by extensive international judicial cooperation. Eurojust assisted the investigative authorities and coordinated efforts with the United States Secret Service and IRS Criminal Investigation through its U.S. Liaison Desk. Eurojust also worked with the Polish Central Cybercrime Bureau and the Regional Prosecutor’s Office in Łódź through the Polish National Desk, while the Georgian Liaison Desk coordinated with the Investigation Department of the Office of the Prosecutor General of Georgia in preparation for the operation.
The case had already advanced before the June action day. One co-perpetrator was arrested in Poland in September 2025, and the detention of suspects in Georgia was carried out on the basis of a red diffusion issued by the Regional Prosecutor’s Office in Łódź as part of the Polish investigation. Several coordination meetings were held at Eurojust to prepare judicial measures in France, Poland, Georgia and Iceland, with support from the relevant national desks and liaison prosecutors from the United States, Georgia and Iceland.
Europol’s European Cybercrime Centre played a central role in analysing the financial trail behind the laundering network. Europol experts traced cryptocurrency flows, mapped the infrastructure used to move criminal proceeds across borders, and provided intelligence support to European law enforcement before the final phase of the investigation.
A major feature of the scheme was the creation of fake accounts using stolen or purchased identities. Investigators identified more than 6,000 Know Your Customer records linked to money mule accounts. Many of these accounts were associated with Russian-speaking intermediaries recruited to move criminal proceeds through cryptocurrency exchanges. The group reportedly used both commercial email providers and email addresses connected to domains under its own control to register these accounts. The domains have now been made public to help cryptocurrency exchanges identify and block accounts linked to the laundering network.
The authorities involved included agencies from the United States, France, Poland, Georgia and Iceland, reflecting the scale and cross-border nature of the investigation.
/origin-imgresizer.eurosport.com/2026/06/06/image-92ddf41e-6b0b-46d8-bdf1-a3e115536430-85-2560-1440.jpeg "Roland-Garros 2026: Alexander Zverev and Flavio Cobolli Face Off in a Friendly Third-Place Clash")
