DOJ dismantles crypto laundering platform linked to ransomware groups

Federal prosecutors in Michigan announced the takedown of E-Note, a cryptocurrency exchange allegedly used to launder tens of millions of dollars from ransomware attacks and other cybercrime, while indicting its Russian operator.

 

What happened

The U.S. Attorney's Office for the Eastern District of Michigan announced a coordinated action with international partners and Michigan State Police targeting E-Note, a cryptocurrency exchange and payment processing service. Law enforcement seized servers, mobile applications, and websites including e-note.com, e-note.ws, and jabb.mn. The announcement coincided with the unsealing of an indictment charging Russian national Mykhalio Petrovich Chudnovets with one count of money laundering conspiracy. The FBI identified more than $70 million in illicit proceeds from ransomware attacks and account takeovers transferred via the E-Note service and associated money-mule network since 2017. U.S. authorities obtained earlier copies of servers that included customer databases and transaction records.

 

The backstory

Law enforcement agencies worldwide have intensified efforts to dismantle cryptocurrency laundering infrastructure. From November 24 through November 28, German and Swiss law enforcement, supported by Europol, conducted a similar operation targeting Cryptomixer, a cryptocurrency mixing service. Police seized three servers, the cryptomixer.io domain, more than 12TB of data, and over 25 million euros in Bitcoin. Authorities identified more than 1.3 billion euros ($1.5 billion) mixed through Cryptomixer since 2016. Europol announced the takedown on December 1, noting that it previously supported the takedown of an even larger mixer called Chipmixer in 2023.

 

Going deeper

Authorities allege that Chudnovets controlled and operated E-Note and offered money-laundering services to cybercriminals for years. Prosecutors say he began providing laundering services in 2010 and ran a network between about 2011 and 2025. The platform evolved from a personal operation using "money mules" into a scalable online platform that lowered barriers for criminals moving funds across borders. The funds laundered through E-Note included money stolen or extorted from U.S. victims, including organizations in healthcare and critical infrastructure. The announcement did not indicate that Chudnovets had been arrested, suggesting he may still be in Russia.

 

What was said

Jacqueline Burns Koven, head of cyberthreat intelligence at Chainalysis, explained that takedowns of laundering services have impacted how cybercriminals operate. She noted that their "crime report reflects a dramatic dip in the use of mixers by ransomware operators, likely due to the disruption of previously favored mixers or distrust in the long-term viability of these services. As a result, we've seen threat actors shift to bridges and instant exchangers."

 

By the numbers

  • More than $70 million in illicit proceeds identified through E-Note since 2017
  • Platform operated from approximately 2011 to 2025
  • Maximum penalty: 20 years in prison for money laundering conspiracy
  • Three domains seized: e-note.com, e-note.ws, and jabb.mn
  • More than 1.3 billion euros ($1.5 billion) laundered through Cryptomixer since 2016

In the know

Money laundering platforms like E-Note help criminals convert stolen funds into usable currency while hiding the money trail. The evolution from manual "money mule" networks to automated cryptocurrency exchanges has made it easier for ransomware operators to profit from their attacks. Money mules are individuals who transfer illegally obtained money on behalf of criminals, often across international borders. Cryptocurrency exchanges and mixing services that facilitate laundering allow cybercriminals to quickly move large sums while avoiding traditional banking oversight, making them enablers of ransomware and other financially motivated cybercrimes.

 

Why it matters

This takedown directly impacts healthcare organizations that have been targeted by ransomware groups relying on E-Note's services. By dismantling the financial infrastructure that allows ransomware operators to profit from attacks on hospitals and health systems, law enforcement may disrupt active criminal operations. The seizure of customer databases and transaction records could help investigators trace money flows back to specific ransomware attacks on healthcare entities, potentially leading to additional enforcement actions. The coordinated nature of these takedowns, spanning from Europe to the United States, shows that cybercriminals face pressure as their laundering options become limited. For healthcare organizations, disrupting multiple laundering platforms raises the operational costs and risks for attackers, potentially reducing the frequency or severity of ransomware attacks targeting the sector.

 

FAQs

How do cryptocurrency laundering takedowns affect everyday crypto users?

Most legitimate users are unaffected, but increased scrutiny can lead to stricter compliance requirements and reduced privacy across exchanges.

 

Why are ransomware groups dependent on laundering platforms instead of cashing out directly?

Direct cash-outs expose criminals to identification and seizure, while laundering platforms obscure transaction trails and jurisdictions.

 

Could decentralized finance (DeFi) replace services like E-Note for criminals?

Yes, DeFi bridges and instant exchangers are attractive to criminals because they reduce reliance on centralized intermediaries.

 

What role do sanctions play in disrupting crypto laundering networks?

Sanctions limit access to compliant exchanges and infrastructure, forcing criminals into riskier and less reliable laundering methods.

 

 
