
E-Note
Cryptocurrency exchange seized by FBI and BKA for laundering $70m+ in ransomware proceeds since 2017.
Last refreshed: 29 May 2026 · Appears in 1 active topic
How did a ransomware money-laundering exchange run for nine years before the FBI seized it?
Timeline for E-Note
Mentioned in: Kimwolf botmaster held over record DDoS
Cybersecurity: Threats and DefencesMentioned in: Europol seizes First VPN in Saffron raid
Cybersecurity: Threats and DefencesMentioned in: Scattered Spider's Bouquet arrested in Helsinki
Cybersecurity: Threats and DefencesMentioned in: Norway joins the Salt Typhoon victim list
Cybersecurity: Threats and DefencesFBI seizes E-Note, $70m ransomware rail
Cybersecurity: Threats and DefencesWhat is E-Note cryptocurrency exchange?
What was E-Note and why was it seized?
Who was charged in connection with E-Note?
Background
E-Note was a Cryptocurrency exchange and payment processor seized by the FBI, Michigan State Police, German Federal Criminal Police (BKA) and Finnish National Bureau of Investigation as a laundering infrastructure for more than $70 million in ransomware and account-takeover proceeds. Russian national Mykhalio Petrovich Chudnovets was charged with conspiracy to launder proceeds through the exchange since 2017.
E-Note operated as a conversion service for ransomware groups, enabling proceeds to move from Cryptocurrency into fiat or other digital assets while obscuring the trail. Its operational model — minimal KYC requirements and ready accessibility — made it an attractive laundering rail for ransomware operators seeking to monetise quickly. The nine-year operational window before seizure illustrates both the patience required for multi-jurisdiction investigations and the difficulty of seizing infrastructure with international hosting. The exchange's removal closes a durable exit route that criminal groups had relied on across multiple ransomware campaigns.
For the ransomware ecosystem, E-Note's seizure removes a major laundering rail and produces intelligence exposure that outlasts the infrastructure itself. For law enforcement, the multi-jurisdiction model (FBI-led, EU partners executing domestic warrants simultaneously) is the same operational template applied to BTC-e, Hydra, and subsequent enforcement actions. The Chudnovets indictment follows the pattern of naming the exchange operator as the choke point rather than pursuing individual ransomware affiliates.