DOJ, Europol Seize $3.5M In Crypto After Takedown Of Global Proxy Fraud Network SocksEscort

Global law enforcement agencies have issued a stark warning to cryptocurrency investors following the dismantling of a major cybercrime operation, with one New York victim suffering a near-total 100% portfolio loss. The DOJ and Europol's coordinated strike against the SocksEscort proxy service network has frozen $3.5 million in digital assets, exposing a critical vulnerability that enabled widespread theft and fraud across international borders.

A Network Built On Hijacked Devices

US and European authorities announced Thursday they had shut down SocksEscort after years of operation. The service worked by infecting routers and other internet-connected devices with malware, turning them into cover points that masked the real locations of cybercriminals.

According to the Department of Justice, the network had quietly burrowed into at least 369,000 devices spread across 163 countries. Criminals could then route their attacks through those compromised machines, making them far harder to trace.

The malware at the heart of the operation — known as AVrecon — had been publicly identified by cybersecurity firm Black Lotus Labs as far back as July 2023. The network kept running anyway.

The takedown was not a single agency effort. Law enforcement from Austria, France, Germany, Hungary, the Netherlands, Romania, and the US worked the case together.

On the American side, the FBI’s Sacramento Field Office, the IRS Criminal Investigation Oakland Field Office, and the Department of Defense’s Defense Criminal Investigative Service all had a hand in it.

Europol and Eurojust provided cross-border coordination support. Black Lotus Labs and the nonprofit Shadowserver Foundation supplied technical intelligence that helped investigators connect the dots.

Criminals Paid In Crypto To Stay Anonymous

SocksEscort did not just attract individual bad actors. It ran like a business. Customers paid to access the service, and they did so anonymously — using cryptocurrency to avoid leaving a financial trail.

Based on reports from Europol, the platform pulled in at least 5 million euros, roughly $5.7 million, from its paying users over the course of its run.

Authorities were ultimately able to seize 34 domains, take down about two dozen servers operating across seven countries, and freeze approximately $3.5 million in crypto tied to the operation.

Europol Executive Director Catherine De Bolle said proxy services of this kind give criminals the cover to carry out attacks, move illegal content, and dodge detection. She credited the international cooperation for exposing the infrastructure behind it.

The crimes enabled by SocksEscort went beyond any single method. Officials linked the network to bank fraud and cryptocurrency account takeovers dating back to 2020.

The New York victim’s case stood out for its scale, but reports indicate the damage was spread across multiple countries and target types.

Featured image from Pexels, chart from TradingView