Blockchain investigator ZachXBT has publicly accused a Russian over-the-counter (OTC) broker, identified as Aleksandr Khinkis, of laundering more than $4.7 million in cryptocurrency, with the funds allegedly originating from ransomware group proceeds. The on-chain sleuth's detailed exposé, published on March 24, 2026, adds to a growing list of cases where unregulated OTC desks facilitate illicit fund flows.
The investigation, which began with a sting operation, involved researchers posing as potential clients and contacting Khinkis directly via Telegram. He allegedly provided an exchange deposit address (0xa75666786a4e120110418ed3b4865a114d70706e), which became the anchor for tracing the money trail. ZachXBT's methodology, relying on clustering wallet addresses and tracing transaction patterns, identified roughly 75 transfers funneling funds into this single account since at least July 2025.
The $4.7 million in laundered assets is linked to three separate ransomware payments totaling 796 BTC. The oldest case dates to September 2023, involving a 560 BTC ransom whose funds later crossed into the Avalanche network. A second 72 BTC payment from September 2025 showed significant overlap with known ransomware wallets, with about $1.36 million moving through instant exchanges before consolidating into a Tron wallet. The largest payment of 164 BTC occurred in October 2025, with approximately $3.8 million in bitcoin routed through instant exchanges to Tron-linked outputs.
Enforcement action has already been taken, with Tether freezing and later burning funds from seven Tron addresses connected to the flow in November 2025. An additional $16.6 million remains in related addresses, some of which has been cashed out. A separate, dormant stash of 73 BTC in another wallet is being monitored by investigators.
The case highlights the systemic vulnerability of unregulated OTC desks that operate without stringent Know Your Customer (KYC) procedures, allowing bad actors to convert tainted crypto into fiat or clean digital assets. This aligns with broader concerns flagged by analytics firms like Chainalysis, particularly regarding Russian-linked brokers following increased Western sanctions. ZachXBT has confirmed that detailed records have been handed over to compliance teams and law enforcement agencies, though no arrests have been publicly announced.
