Eurojust has released a statement highlighting a large-scale operation conducted in Georgia by the Prosecutor General’s Office of Georgia, the United States Secret Service, and the Central Cybercrime Bureau of the Republic of Poland.
According to the Eurojust statement, the Georgian Liaison Department worked in close coordination with the Investigative Division of the Prosecutor General’s Office of Georgia to prepare for the day of action, which took place on June 10.
“A parallel global investigation, supported by Eurojust and Europol, has successfully taken down a website suspected of laundering over USD 336 million worth of illicitly obtained cryptocurrency between 2022 and 2025.
The service, known as ‘AudiA6’, was heavily utilised by individuals involved in ransomware-related cybercrime to cash out stolen digital assets and obscure the movement of illicit funds from law enforcement agencies.
The criminal syndicate behind the website is also believed to have operated a separate cybercrime forum, ‘Dark2Web’, which served as a platform for advertising illegal services and connecting cyber-actors globally.
Using the platform, cybercriminals deposited stolen cryptocurrency into wallets controlled by the syndicate. Within approximately an hour, they received ‘clean’ funds back through a complex chain of transactions designed to mask the origin of the money. The platform’s operators charged a commission fee ranging from 3% to 10% for their services.
Following a policing operation carried out in Georgia on June 10, two suspected administrators were arrested; three real estate properties were searched across the country; 25 domains were shut down, and more than 30 servers were seized; over 80 motor vehicles and numerous real estate assets were seized in Georgia; cryptocurrency equivalent to EUR 692,000 was frozen, and an additional EUR 86,000 worth of cryptocurrency was seized.
International Judicial Cooperation
Eurojust provided vital assistance to the investigating authorities. This support was channelled through the U.S. Liaison Department, representing the U.S. Secret Service (USSS) and the Internal Revenue Service Criminal Investigation (IRS-CI), as well as the Polish National Desk, representing Poland’s Central Cybercrime Bureau and the Regional Prosecution Office in Łódź. The Georgian Liaison Department collaborated closely with the Investigative Division of the Prosecutor General’s Office of Georgia ahead of the June 10 operations.
These actions build upon the prior arrest of a co-conspirator in Poland in September 2025. The suspects in Georgia were apprehended following the issuance of international Red Notices, as part of an investigation led by the Łódź Regional Prosecution Office and the Polish Central Cybercrime Bureau.
Eurojust hosted several coordination meetings to lay the groundwork for law enforcement actions across France, Poland, Georgia, and Iceland. This was facilitated by the Polish and French National Desks at Eurojust, alongside liaison prosecutors from the United States, Georgia, and Iceland. Given the highly intricate nature of this global investigation, Eurojust’s support was instrumental in numerous ways, including providing essential assistance to various jurisdictions in drafting Mutual Legal Assistance (MLA) requests.
Meanwhile, Europol’s European Cybercrime Centre analysed the financial trail behind the money laundering platform. Europol’s cyber and cryptocurrency experts monitored illicit financial flows, assisting law enforcement in identifying the infrastructure behind cross-border movement of criminal proceeds and analysing operational intelligence during the final stages of the investigation.
Creation of Fake Accounts
At the heart of the money laundering scheme lay thousands of mule accounts opened using stolen or purchased personal data. The investigation identified more than 6,000 “Know Your Customer” (KYC) records linked to these money-muling accounts. Many of these profiles were tied to Russian-speaking intermediaries specifically recruited to facilitate the movement of criminal proceeds through cryptocurrency exchanges.
The syndicate used both commercial email services and emails linked to domains under their own control to register these intermediary accounts on various crypto exchanges. These domains are now being made public so that cryptocurrency platforms can identify and block any accounts associated with this money laundering network:
- designli.pictures
- pheontx.eu
- smplfy.in
- sumato-soft.org
- technobrains.dev
- lett.email
- trayo.app
- deliverly.top
- inboxly.top
- postfast.eu
- postino.click
- inboxally.agency
- mailora.eu
- postify.email
- quix.express
- flowcomm.click
- qube.black
- deliverlett.com
- lettermail.eu
The following agencies were involved in the Eurojust-coordinated operation:
United States: US Attorney’s Office for the Eastern District of Pennsylvania; US Secret Service (USSS); Internal Revenue Service Criminal Investigation (IRS-CI); Federal Deposit Insurance Corporation Office of Inspector General (FDIC OIG); Homeland Security Investigations (HSI).
France: Cybercrime Unit of the Paris Public Prosecution Office; Cybercrime Unit of the National Gendarmerie.
Poland: Regional Prosecution Office in Łódź; Łódź Department of the Central Cybercrime Bureau.
Georgia: Investigative Division of the Prosecutor General’s Office of Georgia.
Iceland: Office of the Prosecutor General; Reykjavik Metropolitan Police,” reads the report by Eurojust.
