Arrests after a US-Europol coordinated takedown
Ruslan Igorevich Tkachuk, 37, and Alexander Vladimirovich Ledenev, 25, are in custody in Georgia after international investigations that involved the US, Europol, and 10 other countries, according to a press release from the US Attorney’s Office for the Eastern District of Pennsylvania.
The US will seek their extradition. If convicted, each man faces a maximum sentence of 20 years, the US Attorney’s Office said.
Europol described AudiA6 as “the most trusted by ransomware gangs and cybercriminal networks” and linked it to “over 15 international cybercrime investigations.”
“AudiA6” and Dark2Web allegedly marketed concealment
The takedown targeted the organization’s infrastructure. Investigators searched properties, froze cryptocurrency, and replaced the group’s websites with law enforcement seizure banners, according to the US Attorney’s Office.
The AudiA6 site and the Dark2Web forum were reportedly replaced by seizure notices. The US Attorney’s Office also alleged that the pair ran Dark2Web.
On the Dark2Web forum, AudiA6 allegedly “explicitly offers to conceal and disguise” cryptocurrency tied to criminal activity for a fee of up to five percent, per the US law enforcement blockchain analysis referenced in the Protos report.
Deposits tied to illicit activity, US blockchain analysis says
US law enforcement estimates that over 10,000 bitcoin (BTC) were deposited into AudiA6 since it launched in 2021. Of that total, almost 400 BTC were deposited directly from illicit sources, with additional funds said to be indirectly linked to illicit activity.
If correct, the numbers sketch a laundering pipeline that did not rely only on one or two heists. It also suggests repeated funneling from many actors, not a one-off transaction batch.
The key caveat is still legal. These are allegations and estimates tied to law enforcement analysis, not a final court finding.
Key facts from the Protos report
| Item | What the source says |
|---|---|
| Accused | Ruslan Igorevich Tkachuk and Alexander Vladimirovich Ledenev |
| Alleged operation | Crypto laundering service “AudiA6” plus forum “Dark2Web” |
| Arrest location/status | Residents of Georgia, in custody in Georgia, per US Attorney’s Office |
| US action | Seek extradition |
| Max sentence | Up to 20 years each, per US Attorney’s Office |
| Laundering claims | “Conceal and disguise” for fees up to 5% |
| Estimated deposits | Over 10,000 BTC into AudiA6 since 2021 |
| Illicit share | Almost 400 BTC directly from illicit sources, more indirectly linked |
The exchange question: KuCoin scrutiny heats up
Separate from the criminal case, the Protos report highlights ongoing scrutiny of KuCoin.
Blockchain investigator ZachXBT called AudiA6 “one of the top” users of KuCoin, alleging it ran “centralized mixing services for cybercriminals.” ZachXBT also alleged AudiA6 laundered funds stolen from Swissborg and from LastPass users starting December 2022, according to the Protos write-up.
ZachXBT questioned why KuCoin would “allow” laundering of funds stolen via a fake Ledger app and from crypto ATM Bitcoin Depot, as referenced in the Protos report.
The Protos article also cites SEAL contributor Nick Bax, who claimed KuCoin “facilitated” laundering of “a very large amount” of LastPass stolen funds. Bax said KuCoin would “often release the funds back to the launderers,” despite “rare” temporary freezes. He also pointed to AudiA6 allegedly advertising “key sweeping,” including mass draining linked to compromised seed phrases.
Those claims are not part of the US extradition case. But they add pressure to the exchanges involved in the on-ramps and off-ramps of illicit flows.
What happens next
The immediate deadline sits in the extradition process. The US will seek to move the suspects into its jurisdiction after arrest custody in Georgia, per the US Attorney’s Office cited by Protos.
Then comes the factual fight. Prosecutors will need to back the allegations about the laundering service, Dark2Web coordination, and the blockchain-linked deposit estimates.
Meanwhile, the exchange allegations raise a different kind of question. Even if investigators freeze some assets and seize infrastructure, the trail often runs through centralized platforms that control liquidity and transaction handling.
, this looks like a classic take-down playbook. It also shows why laundering services chase anonymity tools and exchange liquidity at the same time.