The dismantling of a complex dark web money laundering operation, linked to over $24 million in illicit funds, has exposed how even the most privacy-focused criminals can be caught due to digital footprints—particularly through encrypted messaging apps and cloud services.

Figure 1. Dark Web Money Launderer.

Anurag Pramod Murarka, a 30-year-old Indian national using aliases such as "elonmuskwhm" and "la2nyc," was sentenced earlier this year to over 10 years in U.S. federal prison for running a large-scale international money laundering network. Murarka’s operation converted cryptocurrency—gathered from dark web markets, hacking activities, and drug trafficking—into untraceable cash, which was then sent via U.S. Postal Service mail [1]. Despite employing sophisticated anonymization techniques, his network was ultimately exposed due to lapses in digital security and the traceability provided by metadata and cloud surveillance. Figure 1shows Dark Web Money Launderer.

Uncovering the suspect through the cloud

TRM Labs, a blockchain analysis firm that assisted in the investigation, revealed how law enforcement tracked Murarka’s identity. He communicated with clients via Telegram, WhatsApp, and Wickr, using these platforms to confirm transactions and validate payments. U.S. couriers sent photographic proof of dollar bills, which were then matched by buyers—creating a trust mechanism based entirely on fleeting messages. However, these platforms, which initially appeared to offer security, became central to the case against him.

A breakthrough occurred when FBI agents connected a WhatsApp number (+91 9867615027) used for post-delivery coordination to Murarka’s identity through Indian visa records. This number was also linked to an Apple ID, allowing law enforcement to obtain a search warrant for his iCloud account. Accessing his iCloud account provided investigators with a wealth of data, including screenshots of cryptocurrency receipts, Telegram chat logs, and GPS-tagged images placing Murarka at key laundering locations.

The iCloud data bridged the gap between Murarka’s online pseudonyms and his real-world identity. Despite operating remotely and avoiding face-to-face interactions, his use of mainstream devices and cloud services compromised the security of his operation [2]. Once inside his Apple ecosystem, agents discovered archived communications, detailed transaction logistics, and evidence of coordination across various encrypted platforms—all stored in backups.

Murarka was arrested in 2023 after traveling to the U.S. for medical treatment, where the FBI secretly took control of his laundering infrastructure. Over the next year, agents operated undercover, gathering intelligence on hundreds of users. Many of the illicit transactions were traced using blockchain forensics, revealing links to drug trafficking, crypto theft, and even proceeds from violent crime. Public blockchain data, when enhanced with communication metadata from messaging apps and phone records, formed a detailed map of his laundering network.

Murarka’s downfall highlights a growing trend in cybercrime enforcement: pseudonymity is not invincible. While his operation relied on systems like hawala, dark web markets, and peer-to-peer platforms such as LocalMonero to stay anonymous, his reliance on consumer devices and cloud services—particularly Apple and Meta’s platforms—led to his identification. The FBI’s ability to cross-reference cloud data with blockchain transactions underscores the shift towards multi-faceted investigations, where end-to-end encryption offers security only until metadata or backups are compromised.

In the end, the illusion of separate identities across various services can be broken when a single phone number or cloud account links them all. Law enforcement’s use of pen registers, cloud search warrants, and blockchain tracing demonstrates how encrypted apps, though secure in transit, can be undermined by usage patterns, account links, or carelessness in device configuration.

References

1. https://cyberinsider.com/dark-web-launderer-unmasked-through-apple-icloud-and-messaging-apps/
2. https://www.zdnet.com/article/black-cloud-looms-over-apple-online-service-after-high-profile-hack/

Cite this article:

Keerthana S (2025), Apple iCloud and Messaging Apps Expose Dark Web Money Launderer, AnaTechMaz, pp.141