Federal prosecutors in Michigan say they have dismantled online infrastructure tied to an alleged money laundering operation that moved tens of millions of dollars in proceeds from ransomware and other cybercrime, along with indicting the service’s creator.

The U.S. Attorney’s Office for the Eastern District of Michigan announced a coordinated action with international partners and the Michigan State Police targeting E-Note, a cryptocurrency exchange and payment processing service used to launder illicit funds. The announcement coincided with the unsealing of an indictment charging a Russian national, Mykhalio Petrovich Chudnovets, with one count of money laundering conspiracy.

Authorities allege that Chudnovets controlled and operated E-Note and offered money-laundering services to cybercriminals for years, first as a more personal operation and later through a more scalable online platform. Prosecutors say he began providing laundering services in 2010 and ran a network between about 2011 and 2025. Court documents describe an evolution common in cybercrime ecosystems: services that start as ad-hoc arrangements using “money mules” can become streamlined online businesses that lower the barriers for criminals looking to move funds quickly and quietly across borders.

Authorities did not say whether Chudnovets is in U.S. custody, and the announcement did not indicate that he had been arrested, suggesting he may still be in Russia.

The FBI said it identified more than $70 million in illicit proceeds from ransomware attacks and account takeovers transferred via the E-Note service and associated money-mule network since 2017. The government said the funds included money stolen or extorted from U.S. victims, including organizations in health care and critical infrastructure — sectors that have faced mounting pressure from ransomware groups because of the potentially severe consequences of disrupted services.

As part of the operation, law enforcement seized servers hosting the alleged operation, along with mobile applications and websites listed as “e-note.com,” “e-note.ws,” and “jabb.mn.” U.S. authorities also said they had obtained earlier copies of servers that included customer databases and transaction records, suggesting investigators may be positioned not only to map past flows of money, but also to identify networks of users and intermediaries that relied on the service.

The indictment charges conspiracy to launder monetary instruments, an offense that carries a maximum penalty of 20 years in prison.

The Justice Department credited cooperation from the German Federal Criminal Police Office and the Finnish National Bureau of Investigation, along with Michigan State Police and its Michigan Cyber Command Center.

You can read the full indictment below. 

The post DOJ announces takedown of alleged laundering platform used by cybercriminal groups appeared first on CyberScoop.

European authorities shut down and seized the assets of Cryptomixer, a cryptocurrency mixing service that allegedly facilitated more than $1.5 billion in money laundering for cybercriminals and other illegal activity, Europol said Monday. 

The weeklong operation, part of “Operation Olympia,” netted the seizure of nearly $28 million in Bitcoin, three servers in Switzerland, the cryptomixer.io domain and more than 12 terabytes of data, officials said. The site currently displays a seizure notice, warning that anyone using or operating cybercriminal services is subject to investigation and prosecution. 

The takedown is part of a broader global law enforcement effort to disrupt, confiscate and obtain additional information on the various services cybercriminals rely upon and the individuals leading these operations. 

Cryptomixer, which was accessible on the clear and dark web, mixed more than $1.5 billion in Bitcoin through its infrastructure since its founding in 2016, according to Europol. Officials described the mixing service as “the platform of choice” for cybercriminals and various crimes, including ransomware, payment card fraud, and drugs and weapons trafficking. 

“Deposited funds from various users were pooled for a long and randomised period before being redistributed to destination addresses, again at random times,” Europol said. “Mixing services such as Cryptomixer offer their clients anonymity and are often used before criminals redirect their laundered assets to cryptocurrency exchanges.”

North Korean-linked Lazarus Group used Cryptomixer and similar services before it shifted to high-volume attacks, according to TRM Labs. Lazarus Group stole $1.46 billion in Ethereum from Bybit in February and laundered $160 million within two days of the attack. 

“North Korea now appears to prioritize speed and automation over traditional anonymity,” researchers said in the wake of the largest cryptocurrency theft on record.

Officials also referenced the 2023 takedown of ChipMixer, the largest mixing service at that time, as an example of law enforcement agencies’ sustained effort to target cryptocurrency mixing services. ChipMixer was allegedly responsible for more than $3 billion in transactions since it began operations in 2017.

The Cryptomixer shutdown drew support from Europol, Eurojust and multiple law enforcement agencies from Germany and Switzerland.

The post Authorities take down Cryptomixer, seize $28M in Switzerland appeared first on CyberScoop.