on-chain analyst ZachXBT alleges that Russian OTC intermediary Aleksandr Khinkis (Aleks) assisted a ransomware group in laundering money from July 2025, through a single cryptocurrency exchange account, involving at least 796 BTC (over $4.7 million).
The suspected funds originated from three ransom payments, which were then circulated on-chain, with some transfers from Bitcoin to Avalanche via a cross-chain bridge and deposited into the exchange address 0xa756…06e. ZachXBT stated that he has forwarded the lead to compliance and law enforcement agencies.
- Allegations of ransomware money laundering through a cryptocurrency exchange account dating back to July 2025.
- 796 BTC (over $4.7 million) from 3 ransom payments have been traced.
- Approximately $16.6 million in related funds remain held at the associated addresses/platforms.
The flow of 796 BTC and suspicions of money laundering through the exchange.
ZachXBT stated that Aleksandr Khinkis is accused of assisting in money laundering for the ransomware group since July 2025, using a trading account on a cryptocurrency exchange.
The funds are suspected to have come from three ransom payments totaling 796 BTC, equivalent to over $4.7 million. The description suggests the goal was to channel the money into the exchange's transaction flow via a single exchange account, obscuring the ransomware's origin.
This information is presented as the conclusion of on-chain analysis, highlighting the Vai of OTC brokers and the use of exchange infrastructure to receive deposits, which can facilitate the next step in the asset liquidation or conversion process.
The transfer route is via Avalanche, the deposit address is 0xa756…06e, and $16.6 million remains outstanding.
on-chain forensics show that a portion of Bitcoin was transferred to Avalanche via a cross-chain bridge, then split and deposited multiple times into the same exchange deposit address 0xa756…06e.
The funds, after being transferred to Avalanche, were Chia into approximately 75 transfers to the deposit address, demonstrating a Shard transaction pattern to limit the likelihood of detection across large transactions. The report also states that an additional $16.6 million in related funds are still being held at these addresses or on related platforms.
ZachXBT stated that it provided leads on the addresses and flow of funds to compliance departments and law enforcement agencies, to assist in investigations and the potential for freezing or recovery of funds.
