I just came across a pretty interesting on-chain investigation. According to blockchain analyst ZachXBT, a Russian OTC broker, Aleksandr Khinkis, is allegedly laundering more than $4.7 million for a ransomware group.



Specifically, these suspicious funds involve three ransom payments, totaling approximately 796 BTC, and all of them are routed through the same exchange account. Even more interestingly, this guy transferred the funds from the Bitcoin network to Avalanche, and then split them across multiple addresses. Right now, about $16.6 million is still sitting in the Aave protocol on Avalanche, and funds are still being withdrawn.

ZachXBT also found that some of those addresses had long been frozen by Tether, for reasons related to the ransomware incident as well. This shows that the activity of this network has been monitored for some time.

Interestingly, this case shows that the money-laundering methods used by ransomware groups are evolving. It’s no longer just a single-chain operation, but rather cross-chain transfers to evade tracking. This poses new challenges to risk control for exchanges and DeFi protocols. Aave and other major protocols now need to be even more cautious, because such large sums of funds could appear in liquidity pools at any time. That’s also why, even though on-chain transparency is an advantage for crypto, it simultaneously leaves nowhere for illegal fund flows to hide. It’s worth keeping an eye on how cases like this develop.