An international police coalition reported that it turned off the servers of AudiA6, a platform identified by security forces as the hidden financial engine of various global computer extortion gangs. The operation exposes the technical and human infrastructure that this service used to try to erase the trace of transactions with bitcoin (BTC) and cryptocurrencies.
Tracing the funds began in the digital records of a seized device. This after in September 2025, the detention of a Ukrainian citizen in Poland allowed computer experts to access a network of internal communications.
The data extracted from these terminals served as a map for the United States Secret Service, the Polish police and Europol to coordinate a simultaneous deployment on several continents, as is detailed in their reports.
The epicenter of the operation was concentrated in Georgia, where local authorities detained two men of Russian and Ukrainian nationality on charges of managing the network.
According to official Europol minutes, the platform processed more than 336 million euros in cryptocurrencies between 2022 and 2025. The procedure included the blocking of 25 web domains and the freezing of 692,000 euros in digital assets, immobilizing the group’s operational structure.
An indelible digital record guided forensic analysts
To understand how AudiA6 works, the researchers describe a business model based on centralized custody of funds. The ransomware gangs transferred their illicitly obtained bitcoin to wallets controlled by the platform’s administrators.
Within about an hour, the service was returning funds split into smaller amounts after having moved them across multiple blockchains to try to break transaction history.
“The service was promoted in darknet forums as a professional solution for anonymity and speed,” Europol sources noted, detailing that The group charged commissions of between 3% and 10%. However, the investigation reveals that this system relied on traditional phishing methods.
To operate, the network opened more than 6,000 accounts on cryptocurrency exchanges using stolen or purchased identities, relying on intermediaries in charge of moving the money; a conventional data trail that allowed forensic analysts to map cryptocurrency networks.
After the dismantling of AudiA6, the authorities admit that the disconnection of a platform does not stop the technical evolution of cybercrime.
Europol’s analytical focus now shifts towards migration of these bands to automated mixing tools and decentralized smart contracts, a phenomenon that the agency plans to evaluate publicly in a technical seminar scheduled for June 30.
The dismantling of AudiA6 is part of greater international cooperation against cryptocurrency laundering. As reported by CriptoNoticias, in May, Mexico and the European Union agreed to exchange intelligence as part of their new offensive on the illicit use of cryptocurrencies.
The illicit volume in cryptocurrencies represents less than 1% of the total traded globally, although in absolute terms it reaches USD 154 billion.