Authorities Freeze $3.5M in Crypto as Europol, DOJ Disrupt ‘SocksEscort’ Proxy Network

In brief

  • Europol and partners announced the disruption of the “SocksEscort” malicious proxy service and the freezing of $3.5 million in cryptocurrency linked to the operation.
  • The network allegedly compromised more than 369,000 routers and IoT devices and offered customers more than 35,000 proxies.
  • The U.S. DOJ said the service enabled fraud including bank and crypto account takeovers, citing a New York victim allegedly defrauded of $1 million in crypto.

European and U.S. authorities have announced the dismantling of a major malicious proxy operation tied to malware-infected home and small-business routers, freezing $3.5 million in cryptocurrency and seizing infrastructure used to support fraud. Europol said the March 11 action, named Operation Lightning, targeted the “SocksEscort” service, which it said had compromised over 369,000 routers and Internet of Things devices across 163 countries and offered users more than 35,000 proxies in recent years.

🚨 Servers used for cybercrime around the world taken down

⚖️ Authorities from eight countries targeted a website allegedly offering IP proxy services for cybercriminals in 102 countries.

👉 https://t.co/oOqRlIZgdt pic.twitter.com/QHhCSC7Qlo

— Eurojust (@Eurojust) March 12, 2026

According to Europol, law enforcement seized 34 domains and 23 servers across seven countries, while U.S. authorities froze $3.5 million in crypto linked to the case. Europol also said that a payment platform linked to the service is estimated to have received more than $5.7 million (€5 million) in cryptocurrency.

The investigation, which began in June 2025 under Europol’s Joint Cyberaction Task Force, uncovered a botnet of infected devices, mainly residential routers, exploited to facilitate criminal activities including ransomware, DDoS attacks, and the distribution of child sexual abuse material.

In a parallel announcement, the U.S. Attorney’s Office for the Eastern District of California said that the SocksEscort application had listed about 8,000 infected routers as of February 2026, including around 2,500 in the United States. U.S. law enforcement alleged that criminals used proxy access to mask origin locations for schemes including bank and crypto account takeovers and fraudulent unemployment claims. Federal prosecutors cited multiple alleged victim losses, including a New York crypto exchange customer reportedly defrauded of $1 million in digital assets, a Pennsylvania manufacturer that allegedly lost $700,000, and current and former military service members allegedly defrauded of $100,000.

“By dismantling this infrastructure, law enforcement has disrupted a service that enabled cybercrime on a global scale,” Europol Executive Director Catherine De Bolle said in a statement, adding that, “Operations like this show that when investigators connect the dots internationally, the infrastructure behind cybercrime can be exposed and shut down.”
