Europol announced on [date] the takedown of AudiA6, a cryptocurrency laundering service that processed €336 million for ransomware gangs and was linked to over 15 international cybercrime investigations, including stolen funds from the 2022 LastPass breach and Swissborg hack. Prosecutors in the Eastern District of Pennsylvania filed charges against two operators, Igorevich Tkachuk and Alexander Vladimirovich Ledenev, who were arrested in Batumi, Georgia. Undercover transactions revealed operators actively soliciting dirty funds, including proceeds from drug sales, and confirming criminal origins. Approximately 80% of AudiA6's traced illicit exposure ($63 million of $79 million) ties to ransomware. TRM's on-chain analysis independently identified AudiA6 as a ransomware off-ramp in December 2025, tracing $7 million in LastPass-stolen funds via demixing techniques. Ransomware payments totaled ~$1.3 billion in 2025, with off-ramp concentration persisting: the top five services handle 42%-57% of volume annually. Cross-chain bridges have overtaken mixers as primary obfuscation, reaching $100 million in 2025. AudiA6 received funds from groups including ALPHV BlackCat ($9.1M), Qilin ($7.1M), and LockBit ($4.4M).

Key facts

• AudiA6 processed €336 million for ransomware gangs; two operators arrested in Georgia.
• 80% of AudiA6's illicit exposure ($63M) tied to ransomware; LastPass stolen funds traced via demixing.
• Top 5 services handle 42%-57% of ransomware off-ramp volume annually; concentration rebounded to 51% in 2025.
• Cross-chain bridges overtook mixers in ransomware laundering, reaching $100M in 2025.
• ALPHV BlackCat, Qilin, and LockBit were largest ransomware groups sending funds to AudiA6.