Blockchain investigator ZachXBT reported at the moment that Russian OTC dealer Aleksandr Khinkis allegedly laundered over $4.7 million in crypto. The exercise reportedly occurred between July 2025 and March 2026 throughout a single alternate account. In response to the findings, three suspected ransomware funds totaling 796 BTC drove the transactions by way of Bitcoin, Avalanche, and Tron networks.
Crypto Flows Linked to Bitcoin, Avalanche, and Tron
In response to ZachXBT in an X thread, investigators first engaged Khinkis by way of Telegram whereas posing as a shopper. Khinkis allegedly offered an alternate deposit deal with, which was key to tracing the crypto flows. That deal with, starting with 0xa756, linked a number of transfers tied to suspected ransomware proceeds.
The investigator said that the crypto funds moved from Bitcoin into Avalanche utilizing cross-chain bridges. From there, roughly 75 transfers directed over $4.7 million into the identical alternate deposit deal with. In the meantime, an extra $16.6 million stays deposited in associated addresses or platforms, with some funds actively off-ramped.
Supply: ZachXBT
Nevertheless, ZachXBT emphasised that the laundering routes prolonged additional. Funds handed by way of crypto exchanges and bridges earlier than reaching the Tron community. Timing evaluation reportedly helped match Bitcoin outflows to particular Tron pockets outputs tied to the identical exercise.
Three Ransom Funds
The most important latest crypto case dates to October 10, 2025. ZachXBT traced six Bitcoin bridge deposit addresses linked to a 164 BTC ransom cost. Round $3.8 million in Bitcoin moved by way of instantaneous exchanges earlier than reaching Tron-linked outputs.
Seven Tron addresses tied to this move have been blacklisted by Tether in November 2025. ZachXBT added that the frozen Tether’s USDT was burned three weeks in the past, confirming enforcement motion tied to the case. A second case from September 2, 2025, concerned a 72 BTC ransom cost.
ZachXBT stated 4 Bitcoin bridge addresses linked to that transaction confirmed publicity to recognized ransomware wallets. One initiating deal with had greater than 15% overlap with flagged entities throughout compliance instruments.
Throughout that interval, roughly $1.36 million in Bitcoin moved by way of instantaneous exchanges. The crypto funds later consolidated right into a Tron pockets linked to addresses beforehand frozen by Tether. The earliest case dates again to September 19, 2023.
ZachXBT linked 5 Bitcoin bridge deposit addresses to a 560 BTC ransom cost. These funds moved throughout middleman companies earlier than bridging into Avalanche throughout 2024.
OSINT Knowledge Outlook
Past crypto transaction flows, ZachXBT included open-source intelligence findings tied to Khinkis. In response to the report, Khinkis incessantly travels exterior Russia, together with journeys to Southeast Asia and Australia.
Moreover, his private information reportedly seems in a number of breach data. He additionally paperwork journey exercise brazenly on social media platforms, offering identifiable public traces.
ZachXBT said that 73 BTC linked to the broader crypto cluster stays dormant at a separate Bitcoin deal with. He additionally confirmed that compliance groups and regulation enforcement businesses obtained particulars associated to the traced addresses and fund actions.
