Audit log

Every state-changing event for AudiA6 Mixing Service: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-28 18:37:57Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,776,192

   sig

   2uRXk4C3akPd…97VcCZ3icopyexplorer ↗

   hash

   A2K7zDdt6Snt…6fZ6A8Ggcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (15713 B) ▸

   {"actor":"system:backfill","investigation_id":"7e113721-96f9-4955-a7ea-c8e7bd3ddc14","kind":"publish","page_slug":"audia6-mixing-service","published_at":"2026-05-28T18:37:57.233Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"AudiA6 Mixing Service","sections":[{"content":"AudiA6 operates as a centralized cryptocurrency mixer and exchange service, accessible via both a clearweb website (audia6.best) and a Tor network mirror. The service supports mixing and exchange of multiple cryptocurrencies including Bitcoin, Ethereum, Litecoin, Ethereum Classic, Bitcoin Cash, Bitcoin SV, Monero, and Tether (OMNI). AudiA6 charges a flat service fee of 3% to 5.5% per transaction. The service also offers cash-out exchanges against Russian payment systems including Sberbank, Alpha Bank, and Tinkoff QR codes. Contact channels include Telegram (@obmen_audia6), Jabber (obmen@audia6.online), and qTox. The service publishes Russian-language and English-language versions of its site. Transaction limits range from a minimum of 0.001 BTC to a maximum of 27 BTC (approximately $1.7 million at the time of Intel 471's reporting). The service has advertised a presence on dozens of underground forums and claims to have processed more than $40 million in reserves across multiple currencies.","heading":"Service Overview","severity":"high","sources":[{"credibility":2,"name":"These are the cryptomixers hackers use to clean their ransoms — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/these-are-the-cryptomixers-hackers-use-to-clean-their-ransoms/"},{"credibility":2,"name":"How cryptomixers allow cybercriminals to clean their ransoms — Intel 471","type":"research","url":"https://www.intel471.com/blog/cryptomixers-ransomware"},{"credibility":3,"name":"AudiA6 official website","type":"official","url":"https://audia6.best/en/"},{"credibility":3,"name":"AudiA6 Telegram channel","type":"social_media","url":"https://t.me/obmen_audia6"}]},{"content":"Between April 7 and April 13, 2026, a counterfeit Ledger Live application published under the developer name 'Leva Heal' on the Apple App Store harvested seed phrases from 50 or more victims, resulting in losses exceeding $9.5 million across Bitcoin, Ethereum-compatible chains, Tron, Solana, and XRP. The three largest individual losses were $3.23 million in USDT (April 9), $2.079 million in USDC (April 11), and $1.95 million including 20.64 BTC, 211 stETH, and 70 ETH (April 8). On April 14, 2026, blockchain investigator ZachXBT published findings on Telegram identifying AudiA6 as the centralized mixing service used to process the stolen proceeds. According to ZachXBT, the threat actor routed the stolen assets through more than 150 KuCoin deposit addresses connected to the AudiA6 service. ZachXBT further alleged in a May 22, 2026 report that KuCoin ignored repeated appeals from hack victims and law enforcement agencies seeking to freeze the funds. KuCoin is reported to have frozen suspect accounts, though the initial freeze was limited until approximately April 20 unless extended by authority request.","heading":"Role in Fake Ledger App Theft Laundering (April–May 2026)","severity":"critical","sources":[{"credibility":1,"name":"Your life savings could be gone in one click: How a fake crypto app bypassed Apple's security — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/04/14/a-fake-ledger-app-on-the-apple-app-store-just-drained-usd9-5-million-in-crypto"},{"credibility":2,"name":"KuCoin Ignored Hack Victims and Police Appeals, ZachXBT Says — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/22/kucoin-ignored-hack-victims-and-police-appeals-zachxbt-says/"},{"credibility":2,"name":"ZachXBT Says Apple App Store Fake Ledger App Stole $9.5M From 50+ Victims in One Week — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/zachxbt-says-apple-app-store-fake-ledger-app-stole-9-5m-from-50-victims-in-one-week/"},{"credibility":2,"name":"Fake Ledger app on Apple App Store linked to $9.5M crypto theft — The Block","type":"news_article","url":"https://www.theblock.co/post/397388/fake-ledger-app-apple-app-store-crypto-theft-bitcoin-tron-solana-zachxbt"},{"credibility":2,"name":"Bogus crypto wallet on App Store steals $9.5M — AppleInsider","type":"news_article","url":"https://appleinsider.com/articles/26/04/14/bogus-crypto-wallet-on-app-store-steals-95m"},{"credibility":2,"name":"Fake Ledger App Alert: $9.5M Stolen From 50+ Victims via Apple App Store, Funds Laundered via KuCoin — CCN","type":"news_article","url":"https://www.ccn.com/education/crypto/fake-ledger-app-9-5m-stolen-50-victims-kucoin-laundering/"}]},{"content":"Security researchers at Intel 471 documented AudiA6 as one of four cryptomixing services most popular among cybercriminals in the underground ecosystem, alongside Absolutio, Blender, and Mix-btc. The service maintains active promotional threads on established carding and cracking forums including CrdPro and CardVilla, where it advertises both mixing and cash-out services. According to Intel 471's research, AudiA6 had well-established presences on multiple known cybercrime forums. The service's self-reported claims include servicing tens of thousands of customers and maintaining over $40 million in reserves. The service's clearweb presence, professional site design, and multiple-language support indicate a deliberate effort to attract illicit users while presenting a veneer of legitimacy.","heading":"Underground Forum Presence and Criminal Customer Base","severity":"high","sources":[{"credibility":2,"name":"How cryptomixers allow cybercriminals to clean their ransoms — Intel 471","type":"research","url":"https://www.intel471.com/blog/cryptomixers-ransomware"},{"credibility":2,"name":"These are the cryptomixers hackers use to clean their ransoms — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/these-are-the-cryptomixers-hackers-use-to-clean-their-ransoms/"},{"credibility":3,"name":"AudiA6 Cryptocurrency Mixer and Exchange — CrdPro carding forum (Tier 3)","type":"community_report","url":"https://crdpro.org/threads/audia6-crypto-mixer-btc-ltc-eth-etc-bch-bsv-tetheromni-xrp.27506/"},{"credibility":3,"name":"AudiA6 Cryptocurrency Mixer and Exchange — CardVilla carding forum (Tier 3)","type":"community_report","url":"https://cardvilla.cc/cashout-services-and-drops-for-stuff/audia6-cryptocurrency-mixer-exchange-430063/"}]},{"content":"As of May 28, 2026, AudiA6 does not appear on the OFAC Specially Designated Nationals (SDN) list and has not been publicly sanctioned by the U.S. Treasury Department, FinCEN, or any known foreign financial intelligence unit. No indictments, criminal complaints, or law enforcement seizure orders targeting AudiA6 operators have been identified in publicly available court records as of this date. The absence of a formal designation distinguishes AudiA6 from other mixers such as Tornado Cash and Blender.io, which were sanctioned by OFAC in 2022, and Sinbad.io, sanctioned in 2023. ZachXBT's May 2026 investigation linking AudiA6 to the Ledger app theft may increase the likelihood of regulatory scrutiny. KuCoin, the exchange through which AudiA6 allegedly routed the laundered proceeds, has previously settled anti-money laundering violations with U.S. authorities, paying over $300 million in 2025.","heading":"Regulatory and Law Enforcement Status","severity":"medium","sources":[{"credibility":1,"name":"U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash — U.S. Department of the Treasury","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/jy0916"},{"credibility":2,"name":"KuCoin Ignored Hack Victims and Police Appeals, ZachXBT Says — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/22/kucoin-ignored-hack-victims-and-police-appeals-zachxbt-says/"},{"credibility":2,"name":"Bogus crypto wallet on App Store steals $9.5M — AppleInsider","type":"news_article","url":"https://appleinsider.com/articles/26/04/14/bogus-crypto-wallet-on-app-store-steals-95m"}]},{"content":"AudiA6 operates on both the Tor network and the clearweb, with its primary clearweb domain at audia6.best. The service warns users to verify the direct Telegram link due to alleged impersonators, suggesting active brand awareness and a recurring customer base. The service supports instant exchanges and mixing without mandatory user registration. Its Jabber (XMPP) contact at obmen@audia6.online and qTox support indicate deliberate use of encrypted communication channels favored by illicit service providers. The availability of Russian-language support and cash-out to Russian domestic payment rails (Sberbank, Tinkoff) suggests operational ties to Russian-speaking jurisdictions, though operator identity and precise location remain unverified.","heading":"Operational Security and Infrastructure","severity":"medium","sources":[{"credibility":3,"name":"AudiA6 official contacts page","type":"official","url":"https://audia6.best/en/contact/"},{"credibility":3,"name":"AudiA6 Exchange Service — CrdPro carding forum (Tier 3)","type":"community_report","url":"https://crdpro.cc/threads/audia6-exchange-service-cash-in-btc-eth-ltc-qiwi-qr-tinkoff-and-200-more-cryptocurrencies-cash-in-any-country-in-the-world.27505/"},{"credibility":2,"name":"How cryptomixers allow cybercriminals to clean their ransoms — Intel 471","type":"research","url":"https://www.intel471.com/blog/cryptomixers-ransomware"}]}],"sources_used":[{"credibility":1,"name":"Your life savings could be gone in one click: How a fake crypto app bypassed Apple's security — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/04/14/a-fake-ledger-app-on-the-apple-app-store-just-drained-usd9-5-million-in-crypto"},{"credibility":2,"name":"KuCoin Ignored Hack Victims and Police Appeals, ZachXBT Says — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/22/kucoin-ignored-hack-victims-and-police-appeals-zachxbt-says/"},{"credibility":2,"name":"These are the cryptomixers hackers use to clean their ransoms — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/these-are-the-cryptomixers-hackers-use-to-clean-their-ransoms/"},{"credibility":2,"name":"How cryptomixers allow cybercriminals to clean their ransoms — Intel 471","type":"research","url":"https://www.intel471.com/blog/cryptomixers-ransomware"},{"credibility":2,"name":"ZachXBT Says Apple App Store Fake Ledger App Stole $9.5M From 50+ Victims in One Week — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/zachxbt-says-apple-app-store-fake-ledger-app-stole-9-5m-from-50-victims-in-one-week/"},{"credibility":2,"name":"Fake Ledger app on Apple App Store linked to $9.5M crypto theft — The Block","type":"news_article","url":"https://www.theblock.co/post/397388/fake-ledger-app-apple-app-store-crypto-theft-bitcoin-tron-solana-zachxbt"},{"credibility":2,"name":"Bogus crypto wallet on App Store steals $9.5M — AppleInsider","type":"news_article","url":"https://appleinsider.com/articles/26/04/14/bogus-crypto-wallet-on-app-store-steals-95m"},{"credibility":2,"name":"Fake Ledger App Alert: $9.5M Stolen From 50+ Victims via Apple App Store, Funds Laundered via KuCoin — CCN","type":"news_article","url":"https://www.ccn.com/education/crypto/fake-ledger-app-9-5m-stolen-50-victims-kucoin-laundering/"},{"credibility":2,"name":"ZachXBT Accuses KuCoin of Shielding $13M in Stolen Crypto From German Investigators — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/zachxbt-accuses-kucoin-of-shielding-13m-in-stolen-crypto-from-german-investigators/"},{"credibility":1,"name":"U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/jy0916"},{"credibility":3,"name":"AudiA6 official website","type":"official","url":"https://audia6.best/en/"},{"credibility":3,"name":"AudiA6 Telegram channel","type":"social_media","url":"https://t.me/obmen_audia6"},{"credibility":3,"name":"AudiA6 Exchange Service listing — CrdPro carding forum","type":"community_report","url":"https://crdpro.cc/threads/audia6-exchange-service-cash-in-btc-eth-ltc-qiwi-qr-tinkoff-and-200-more-cryptocurrencies-cash-in-any-country-in-the-world.27505/"},{"credibility":3,"name":"AudiA6 Cryptocurrency Mixer listing — CardVilla carding forum","type":"community_report","url":"https://cardvilla.cc/cashout-services-and-drops-for-stuff/audia6-cryptocurrency-mixer-exchange-430063/"}],"summary":"AudiA6 is a centralized cryptocurrency mixing and exchange service, documented by security researchers and blockchain investigators as a vehicle for laundering illicit funds. In May 2026, blockchain investigator ZachXBT identified AudiA6 as the mixing service used to launder approximately $9.5 million in cryptocurrency stolen from victims of a counterfeit Ledger Live application on the Apple App Store, routing proceeds through more than 150 KuCoin deposit addresses. The service has no known OFAC designation as of May 2026 but maintains an established presence on criminal carding and cracking forums.","timeline":[{"date":"2021-11-01","event":"Intel 471 and BleepingComputer publish research identifying AudiA6 as one of four cryptomixing services most widely used by cybercriminals in the underground ecosystem, alongside Absolutio, Blender, and Mix-btc.","source":"BleepingComputer / Intel 471","source_url":"https://www.bleepingcomputer.com/news/security/these-are-the-cryptomixers-hackers-use-to-clean-their-ransoms/"},{"date":"2026-04-07","event":"A counterfeit Ledger Live application ('Leva Heal' publisher) begins harvesting seed phrases from victims on the Apple App Store. Theft campaign runs through approximately April 13, 2026.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/04/14/a-fake-ledger-app-on-the-apple-app-store-just-drained-usd9-5-million-in-crypto"},{"date":"2026-04-08","event":"Largest single theft day: one victim loses $1.95 million including 20.64 BTC, 211 stETH, and 70 ETH. A second victim loses $3.23 million in USDT on April 9.","source":"Bitcoin.com News","source_url":"https://news.bitcoin.com/zachxbt-says-apple-app-store-fake-ledger-app-stole-9-5m-from-50-victims-in-one-week/"},{"date":"2026-04-14","event":"ZachXBT publishes investigation on Telegram, tracing $9.5 million in stolen crypto through more than 150 KuCoin deposit addresses connected to the AudiA6 mixing service. Apple removes the counterfeit Ledger Live app from the App Store.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/04/14/a-fake-ledger-app-on-the-apple-app-store-just-drained-usd9-5-million-in-crypto"},{"date":"2026-04-20","event":"KuCoin's freeze of suspect accounts linked to the laundering operation is reported to have been set to expire unless extended by formal law enforcement request.","source":"AppleInsider","source_url":"https://appleinsider.com/articles/26/04/14/bogus-crypto-wallet-on-app-store-steals-95m"},{"date":"2026-05-22","event":"ZachXBT publishes a follow-up report alleging KuCoin ignored repeated appeals from hack victims and police, and accuses the exchange of shielding more than $13 million in recently stolen crypto. AudiA6 is identified as the centralized mixer used to facilitate the laundering.","source":"BanklessTimes","source_url":"https://www.banklesstimes.com/articles/2026/05/22/kucoin-ignored-hack-victims-and-police-appeals-zachxbt-says/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b3368bb3-f9f3-48c8-a1eb-743687d74dbecopy