International Police Bust $390M Crypto Money Laundering Ring

Alongside the AudiA6 takedown, law enforcement seized Dark2Web, a criminal services marketplace that connected cybercriminals and promoted illegal offerings. Both the clearnet and darknet versions of the platforms now display seizure notices. The operation confiscated 25 domain names and more than 30 servers, along with 80 vehicles. Roughly $900,000 in cryptocurrency was frozen.

The Australian Federal Police said AudiA6 processed portions of ransom payments made by an Australian company after a 2024 ransomware incident.

Ransomware activity has remained high. During the first quarter of 2026, incidents were recorded in 97 nations. U.S. organizations made up 64.7% of all identified victims, according to Emsisoft data. Check Point Research reported in May that the top 10 ransomware groups were responsible for 71% of all attacks in Q1 2026, a sign that the ecosystem is concentrating among fewer but more prolific actors.

The AudiA6 operation shows law enforcement shifting further into blockchain forensics as a standard investigative tool. Investigators mapped transaction flows, linked digital wallets to physical operators, and tied exchange accounts to criminal networks. That approach has become increasingly common in cryptocurrency-related enforcement cases across multiple jurisdictions.

European Union agencies Eurojust and Europol coordinated the operation, which brought together teams from the U.S., Australia, France, Germany, the U.K., Canada, Japan, Switzerland, Iceland, Poland, and Georgia.

The takedown removes one of the largest commercial mixers that served ransomware groups and darknet markets. For exchanges and custody providers that rely on blockchain surveillance, the event reinforces the importance of transaction screening beyond the first hop. The mixer's use of sanctioned Russian exchanges and compromised KYC accounts shows how operators have built alternate on-ramps that bypass standard compliance checks.