
BlockBeats News, March 24: Renowned on-chain investigator ZachXBT today released an investigation alleging that a Russian over-the-counter (OTC) broker named Aleksandr (Aleks) Khinkis has been laundering money for ransomware groups through a single crypto exchange account since July 2025, totaling over 4.7 million US dollars. The funds are associated with three suspicious ransom payments totaling approximately 796 bitcoins (BTC).
The investigation shows that, after being bridged between Bitcoin and Avalanche, these funds were sent in batches to his exchange deposit address (0xa756) in a total of 75 transactions between July 2025 and March 2026. Furthermore, around 16.6 million US dollars are currently held in Aave and are being gradually cashed out.
ZachXBT highlighted multiple ransom transactions: around September 2025, about 72 BTC in ransom payments was bridged into the relevant address; around October 2025, about 164 BTC in ransom payments was also discovered and converted to around 3.8 million US dollars. Some related addresses were blacklisted by Tether in November 2025, and the frozen USDT was burned three weeks ago, indicating law enforcement and regulatory involvement.
In an earlier September 2023 transaction, the account was also involved in a ransom payment of about 560 BTC, which was bridged to the Avalanche network in 2024 after circulating through multiple intermediary addresses and several exchanges. Additionally, the investigation points out that the source addresses of the bitcoins are highly correlated with multiple ransomware addresses and are suspected of acting as payment relay nodes. Although some funds remain dormant, ZachXBT warned that they could still be laundered further in the future and urged victims to promptly report related addresses so that the funds can be frozen.



