E-Note
Cryptocurrency exchange seized by FBI and BKA for laundering $70m+ in ransomware proceeds since 2017.
Last refreshed: 29 May 2026 · Appears in 1 active topic
How did a ransomware money-laundering exchange run for nine years before the FBI seized it?
Timeline for E-Note
Mentioned in: Kimwolf botmaster held over record DDoS
Cybersecurity: Threats and DefencesMentioned in: Scattered Spider's Bouquet arrested in Helsinki
Cybersecurity: Threats and DefencesMentioned in: Norway joins the Salt Typhoon victim list
Cybersecurity: Threats and DefencesFBI seizes E-Note, $70m ransomware rail
Cybersecurity: Threats and Defences- What is E-Note cryptocurrency exchange?
- E-Note was a Cryptocurrency exchange that laundered over $70 million in ransomware proceeds from 2017. The FBI, Michigan State Police, German BKA and Finnish NBI seized it in 2026; Russian national Mykhailo Petrovich Chudnovets was charged with running it.Source: FBI / DOJ
- What was E-Note and why was it seized?
- E-Note was a Cryptocurrency exchange that operated since 2017 as a laundering service for ransomware and account-takeover proceeds. It was seized in 2026 by the FBI, German BKA, Michigan State Police, and Finnish NBI after laundering over $70 million.Source: cyber-threats-and-defences
- Who was charged in connection with E-Note?
- Russian national Mykhalio Petrovich Chudnovets was charged with conspiracy to launder ransomware and account-takeover proceeds through E-Note since 2017.Source: cyber-threats-and-defences
- How did E-Note help ransomware gangs launder money?
- E-Note operated with minimal KYC checks, allowing ransomware operators to convert Cryptocurrency proceeds into fiat or other digital assets while obscuring the transaction trail.Source: cyber-threats-and-defences
- How did law enforcement agencies from different countries coordinate the E-Note seizure?
- The FBI led the operation with the German BKA, Michigan State Police, and Finnish NBI executing simultaneous domestic warrants — the same multi-jurisdiction model used against BTC-e and Hydra.Source: cyber-threats-and-defences
- What happens to ransomware groups after their laundering exchange is seized?
- Criminal groups typically migrate to alternative exchanges, but the operational disruption and intelligence exposure from a seizure have a lasting impact on their money-movement infrastructure.Source: cyber-threats-and-defences
Background
E-Note was a Cryptocurrency exchange and payment processor seized by the FBI, Michigan State Police, German Federal Criminal Police (BKA) and Finnish National Bureau of Investigation as a laundering infrastructure for more than $70 million in ransomware and account-takeover proceeds. Russian national Mykhalio Petrovich Chudnovets was charged with conspiracy to launder proceeds through the exchange since 2017.
E-Note operated as a conversion service for ransomware groups, enabling proceeds to move from Cryptocurrency into fiat or other digital assets while obscuring the trail. Its operational model — minimal KYC requirements and ready accessibility — made it an attractive laundering rail for ransomware operators seeking to monetise quickly. The nine-year operational window before seizure illustrates both the patience required for multi-jurisdiction investigations and the difficulty of seizing infrastructure with international hosting. The exchange's removal closes a durable exit route that criminal groups had relied on across multiple ransomware campaigns.
For the ransomware ecosystem, E-Note's seizure removes a major laundering rail and produces intelligence exposure that outlasts the infrastructure itself. For law enforcement, the multi-jurisdiction model (FBI-led, EU partners executing domestic warrants simultaneously) is the same operational template applied to BTC-e, Hydra, and subsequent enforcement actions. The Chudnovets indictment follows the pattern of naming the exchange operator as the choke point rather than pursuing individual ransomware affiliates.