Cybercrims' $389M Dark Web Laundry: 10,333 BTC Tracked, Servers Seized

For cybersecurity teams, the AudiA6 case is a textbook example of how modern darknet laundering services operate: a professional obfuscation layer coupled with a forum for advertising, all hosted across a distributed infrastructure spanning four countries. The seizure of servers in the U.S., Iceland, Germany, and France—and the blocking of Telegram accounts—demonstrates the tactical coordination now possible between international cyber units. Analysis of the 10,333 BTC flow shows that even layered funds can be mapped when service operators are identified, providing a valuable case study for threat intelligence and blockchain forensics.

The U.S. Department of Justice has charged Ruslan Tkachuk and Alexander Ledenev with laundering $389 million through a cryptocurrency obfuscation service tied to the Dark Web, marking one of the largest darknet-linked money laundering takedowns in recent years. Arrested on June 10 in Batumi, Georgia, the two men—a Ukrainian and a Russian national—allegedly operated AudiA6, a service that charged fees to obscure the origins of cryptocurrency transactions. Since 2021, AudiA6 received over 10,333 Bitcoin (BTC), valued at approximately $389.7 million at the time of the indictment. The operation highlights the continued misuse of cryptocurrency in layered laundering schemes, where only a small fraction of funds came directly from illicit sources, suggesting users employed pre-mixing or chain-hopping to further distance the coins from criminal activity.

“

Since 2021, AudiA6 received over 10,333 Bitcoin (BTC), valued at approximately $389.7 million at the time of the indictment.

The DOJ's complaint reveals that Tkachuk and Ledenev also managed Dark2Web, a cybercrime forum that advertised AudiA6's services, effectively creating a one-stop shop for money laundering and illicit commerce. The international scope of the takedown is striking: agencies including the U.S. Secret Service, IRS Criminal Investigation, Europol, and Eurojust collaborated with authorities from at least 10 countries. Servers and domains were seized in the U.S., Iceland, Germany, and France, and Telegram accounts were blocked. This coordinated effort underscores how law enforcement is increasingly treating crypto-enabled financial crime as a transnational priority, using seizure warrants and domain blocking to disrupt criminal infrastructure.

From a regulatory perspective, the case reinforces the DOJ's aggressive stance on crypto laundering, following parallel actions such as the November 2025 seizure of over 25 million euros from a crypto mixing service by German and Swiss authorities, and the charging of individuals in a $1 billion laundering operation and a Venezuelan scheme. The 20-year maximum prison sentence Tkachuk and Ledenev face if convicted reflects the U.S. government's intention to deter similar operations. The extradition process in Georgia will now determine the speed of their transfer to U.S. soil, a procedural hurdle that could delay the case but not undermine its significance.

The financial and market implications are multifaceted. While the $389 million figure is staggering, the fact that AudiA6 processed over 10,333 BTC over four years with mostly layered funds indicates that significant volumes of illicit crypto flows remain undetected until after the fact. For Bitcoin markets, such enforcement actions typically have a dual effect: short-term volatility due to fear of increased regulatory scrutiny, and long-term credibility gains as the ecosystem demonstrates that illicit actors can be tracked and prosecuted. The banners now displayed on seized AudiA6 and Dark2Web domains are a stark reminder to darknet market participants that anonymity is not absolute.