Avalanche

🔴 High Risk

The Avalanche case exposes the intersection of crime-as-a-service infrastructure with transnational money laundering. Avalanche was not a blockchain platform: it was a criminal fast-flux hosting network, unrelated to the Avalanche (AVAX) blockchain that launched in 2020, and it was rented to cybercriminals to run malware campaigns, manage botnets and launder the proceeds through money-mule schemes on a transnational scale. The case shows how fast-flux infrastructure, which rotates the IP addresses and domain names behind a service within minutes, creates severe challenges for law enforcement by hiding command servers and the movement of illicit funds behind constantly changing infrastructure. The international cooperation that led to the takedown announced on 1 December 2016 also highlights the need for adaptive, cross-border enforcement against laundering methods entangled with this kind of infrastructure.

The Avalanche network was an international crime-as-a-service platform, active for years before a coordinated law enforcement takedown announced on 1 December 2016. Its fast-flux infrastructure was used to distribute malware (including banking trojans and ransomware), run phishing campaigns and launder the proceeds through money-mule networks and botnets of infected computers. With servers in the US, Germany, Canada and elsewhere, Avalanche let its customers evade detection by rotating domain names and IP addresses rapidly and keeping control distributed. Laundering involved converting stolen funds into goods or moving them through chains of mule accounts to obscure their origin. The multinational effort combined legal, investigative and technical action to seize control of the domains and dismantle the infrastructure. The case illustrates the entanglement of malware, bulletproof-style hosting and money laundering at global scale, and the necessity of international cooperation against it.

Countries Involved:
United States, Germany, Canada, and over 40 other countries in a multinational cooperation

Timeline:
Investigation opened in Germany in 2012; coordinated takedown announced 1 December 2016

Cryptocurrency Involved:
Avalanche (AVAX), Ethereum (ETH), stablecoins (these refer to the unrelated Avalanche blockchain, which launched in 2020; the Avalanche botnet case concerned proceeds of bank fraud, phishing and malware moved through money mules)

Offences:
Money laundering, cybercrime including malware distribution, phishing, ransomware facilitation, and illegal remote control of infected computers (botnets)

Actors:
Cybercriminal networks operating the Avalanche infrastructure, money mule networks, infected computer networks (botnets), and the administrators indicted under the handles "flux" and "flux2"

N/A

Method of Laundering:
Fast-flux bulletproof hosting in which the IP addresses behind a domain change constantly, defeating blocklists and takedowns aimed at a single server; money-mule systems that move illicit funds across multiple accounts or spend them on goods to obscure the proceeds; malware that turns infected computers into bots communicating with command-and-control servers; domain generation algorithms (DGAs) that produce large numbers of candidate domain names each day so that the command servers cannot be found by blocking a fixed list; layering of stolen funds through these mechanisms

Volume Laundered (USD est.):
No authoritative total has been published; Europol's 2016 announcement estimated worldwide losses from malware run over the network in the hundreds of millions of euros, with the laundering of those proceeds running through Avalanche's infrastructure

Analysis:
Analysis showed that Avalanche served as a backbone for laundering cybercrime proceeds globally. Infected computers were remotely controlled to contact constantly changing domain names and servers, obscuring the trail of stolen assets. Money mules transferred or spent stolen funds to distance the proceeds from their origin. Agencies from more than 40 countries mapped the network and traced the flow of funds and control servers between the US, Canada and Europe. The system's complexity and global reach enabled large-scale laundering and malware attacks over several years.

Law Enforcement Action:
A multinational operation involving the US Department of Justice, the FBI, German prosecutors and police, Europol and others culminated in a coordinated takedown announced on 1 December 2016. Civil actions and a temporary restraining order were used to seize control of domain names and redirect infected systems to law enforcement servers ("sinkholing"), which cut the bots off from their controllers while keeping the victim machines identifiable for notification and clean-up. Investigators used pen registers and network surveillance to expose key servers and actors. The operation highlighted the critical role of international cooperation in dismantling transnational cybercrime laundering networks.
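The two infrastructure signals that made Avalanche hard to block, fast-flux IP rotation and DGA-style hostnames, can be scored from passive-DNS observations. The following is an added example written for this record; it is not code from the Avalanche investigation or from any of the agencies named above. The DNS records are constructed (RFC 5737 documentation addresses, invented hostnames), the /16-prefix diversity heuristic and every threshold are assumptions to tune against a real baseline, and the registrable-label helper assumes a one-label public suffix.

```python
"""Score passive-DNS observations for fast-flux rotation and DGA-style names.

Added example for illustration; the records below are constructed, not real
Avalanche telemetry, and every threshold is an assumption to tune per network.
"""
import math
from collections import defaultdict
from statistics import median

# Constructed A-record observations: (queried domain, resolved IPv4, TTL seconds).
# All addresses come from the RFC 5737 documentation ranges.
RECORDS = [
    # Fast-flux pattern: one hostname cycling through proxies in unrelated /16s, short TTL.
    ("update-check.example", "198.51.100.7", 60),
    ("update-check.example", "203.0.113.21", 60),
    ("update-check.example", "192.0.2.88", 60),
    ("update-check.example", "198.51.100.7", 60),
    ("update-check.example", "203.0.113.150", 120),
    ("update-check.example", "192.0.2.9", 60),
    ("update-check.example", "198.51.100.200", 60),
    # Benign CDN pattern: a few addresses in one /24, long TTL.
    ("cdn.example-shop.example", "203.0.113.10", 3600),
    ("cdn.example-shop.example", "203.0.113.11", 3600),
    ("cdn.example-shop.example", "203.0.113.12", 3600),
    # Long but human-readable name: high entropy, yet vowel-rich.
    ("secure-login-portal.example", "198.51.100.50", 3600),
    # DGA-style hostname seen once.
    ("xk2q9vbtz7lpw.example", "192.0.2.200", 300),
]


def prefix16(ip):
    """Coarse network-diversity key: the first two octets of an IPv4 address."""
    first, second, _rest = ip.split(".", 2)
    return f"{first}.{second}"


def domain_stats(records):
    """Per domain: distinct IPs, distinct /16 prefixes and median TTL."""
    ips, prefixes, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for domain, ip, ttl in records:
        ips[domain].add(ip)
        prefixes[domain].add(prefix16(ip))
        ttls[domain].append(ttl)
    return {
        d: {"ips": len(ips[d]), "prefixes": len(prefixes[d]), "median_ttl": median(ttls[d])}
        for d in ips
    }


def fast_flux_candidates(records, min_ips=5, min_prefixes=3, max_ttl=300):
    """Domains whose answers rotate across many addresses and networks with low TTL.

    Legitimate CDNs also return several addresses, so the /16 diversity and the
    short TTL are required together; the cutoffs are assumed starting points.
    """
    return sorted(
        d for d, s in domain_stats(records).items()
        if s["ips"] >= min_ips and s["prefixes"] >= min_prefixes and s["median_ttl"] <= max_ttl
    )


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(domain):
    """Label left of the public suffix; assumes a one-label suffix (no co.uk handling)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_like_dga(domain, min_len=10, min_entropy=3.5, max_vowel_ratio=0.2):
    """Flag long, high-entropy labels with few vowels.

    Entropy alone misfires on long readable names, so the vowel ratio is
    checked as well; both cutoffs are assumptions for this example.
    """
    label = registrable_label(domain)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def triage(records):
    """Combine both detectors: {domain: [flags]} for every domain observed."""
    flux = set(fast_flux_candidates(records))
    report = {}
    for domain in sorted({r[0] for r in records}):
        flags = []
        if domain in flux:
            flags.append("fast-flux")
        if looks_like_dga(domain):
            flags.append("dga-like")
        report[domain] = flags
    return report


if __name__ == "__main__":
    for domain, flags in triage(RECORDS).items():
        stats = domain_stats(RECORDS)[domain]
        print(f"{domain:30} ips={stats['ips']} /16s={stats['prefixes']} "
              f"ttl={stats['median_ttl']} flags={flags or '-'}")
```

Only the rotating hostname is flagged as fast-flux, the three-address CDN is not, and the readable "secure-login-portal" label clears the entropy bar yet is rejected by the vowel check; that second filter is why entropy should never be used alone. A sinkhole of the kind used in the takedown would then be fed by the flagged domains, after manual confirmation, rather than by a raw blocklist.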

Avalanche
Case Title / Operation Name:
Avalanche Network Money Laundering and Cybercrime Operation
Country(s) Involved:
Canada, Germany, United States
Platform / Exchange Used:
Avalanche Bridge (operated by Ava Labs) belongs to the unrelated Avalanche blockchain and was not part of the 2016 Avalanche botnet case; the botnet case used fast-flux hosting and money-mule accounts rather than an exchange or bridge
Cryptocurrency Involved:
Avalanche (AVAX), Ethereum (ETH), stablecoins (these refer to the unrelated Avalanche blockchain, launched in 2020; they were not involved in the 2016 botnet case)
Volume Laundered (USD est.):
No authoritative total published; Europol estimated losses from malware run over the network in the hundreds of millions of euros. The figure of $300M traced through Avalanche Bridge by North Korean hackers cited here concerns the unrelated Avalanche blockchain, not this case.
Wallet Addresses / TxIDs:
Specific wallet addresses and transaction hashes linked to malware and laundering networks (not publicly detailed)
Method of Laundering:
Fast-flux hosting, malware botnets, money-mule transfers and purchases of goods, domain generation algorithms (the cross-chain bridge item on this page belongs to the unrelated Avalanche blockchain)

Source of Funds:
Proceeds from cybercrime run over the network: malware attacks (bank and wire fraud via banking trojans, ransomware), phishing, darknet markets and stolen assets; the North Korean hacking proceeds mentioned on this page moved over the unrelated Avalanche blockchain and are not part of this case

Associated Shell Companies:

N/A

PEPs or Individuals Involved:

N/A

Law Enforcement / Regulatory Action:
Multinational takedown led by US DOJ, FBI, Europol and German authorities; seizure and sinkholing of over 800,000 domains, announced 1 December 2016
Year of Occurrence:
2016 (takedown; the network had been active for years before)
Ongoing Case:
Closed
🔴 High Risk