Major International Law Enforcement Actions Against Cybercrime and Financial Fraud Networks
Law enforcement agencies across multiple countries have conducted significant operations targeting cybercriminal groups responsible for large-scale financial fraud, data breaches, and cryptocurrency theft. In Spain, police arrested a 19-year-old hacker accused of stealing and attempting to sell 64 million personal data records from nine companies, while Ukrainian authorities apprehended a separate data broker who used custom malware to compromise accounts and sell access on hacker forums. In California, a member of the so-called "Social Engineering Enterprise" pleaded guilty to laundering millions in cryptocurrency stolen through sophisticated social engineering attacks, with the group responsible for a $263 million heist and extravagant spending of the proceeds. Meanwhile, Russian police dismantled a gang that used NFCGate-based malware to steal millions from bank customers by tricking victims into installing fake banking apps and harvesting card credentials for remote theft.
A major international operation led by Europol and Eurojust dismantled a €700 million cryptocurrency scam network in Europe that used deepfake videos and aggressive marketing to lure victims into fake investment schemes. The network operated numerous fraudulent platforms, laundered funds through complex channels, and was taken down in coordinated raids across several countries, resulting in arrests and the seizure of cash, cryptocurrencies, and luxury items. These actions highlight the growing sophistication of cyber-enabled financial crime and the increasing collaboration between law enforcement agencies to disrupt such operations on a global scale.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
California man admits role in $263 million cryptocurrency theft
A California man admitted participating in a $263 million cryptocurrency theft, according to the referenced report. The case links the theft proceeds to an extravagant lifestyle funded by the stolen cryptocurrency.
Spain arrests teen accused of stealing and selling 64 million records
Spanish authorities arrested a teenage suspect accused of stealing and selling 64 million personal data records. Multiple references report the same arrest as a distinct law enforcement action tied to large-scale personal data theft.
Europol-backed operation hits €700M deepfake crypto fraud network
An international law enforcement operation coordinated by Europol and Eurojust dismantled a cryptocurrency fraud and money laundering network that allegedly laundered more than €700 million through fake investment platforms promoted with deepfake videos and aggressive marketing. The action unfolded in two phases and led to multiple arrests, asset seizures, and disruption of both the core organization and its affiliate marketing infrastructure across several countries.
Russian police dismantle NFCGate-based banking malware gang
Russia’s Interior Ministry said it detained multiple suspects, including the alleged malware developer and main administrator, in a criminal scheme that stole bank card data and cash from customers using Android malware built on NFCGate. Authorities estimated preliminary losses at more than 200 million rubles and said cards across nearly all of Russia were affected.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Teen who allegedly stole millions of personal data records arrested in Spain
therecord.media
Open sourceSpain arrests teen who stole 64 million personal data records
bleepingcomputer.com
Open sourceCalifornia man admits role in $263 million cryptocurrency theft that funded lavish lifestyle
bitdefender.com
Open sourcePolice Dismantle EUR 700 Million Crypto Scam That Used Deepfakes
hackread.com
Open sourceRussian police bust bank-account hacking gang that used NFCGate-based malware
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Global Law Enforcement Crackdowns on Cybercrime Networks and Operations
Law enforcement agencies worldwide have intensified efforts to disrupt cybercrime networks, targeting both large-scale organized groups and individual offenders. In 2025, major international operations led to the seizure of approximately $15 billion in Bitcoin from the Prince Group, a syndicate accused of running forced-labor scam centers and crypto fraud schemes. Authorities in Southeast Asia and Africa conducted coordinated raids, arresting thousands of suspects, dismantling malicious infrastructure, and recovering millions in illicit funds. These actions were supported by intelligence sharing and technical assistance from private companies, reflecting a growing trend of cross-border collaboration to combat cyber threats such as ransomware, business email compromise, and online scams. In South Korea, police arrested four individuals accused of compromising over 120,000 IP cameras, with the intent to create and sell sexually exploitative videos. The suspects exploited weak or default passwords to gain access to cameras in sensitive locations, including medical offices. Law enforcement responded by notifying affected owners and emphasizing the seriousness of such privacy violations. These arrests are part of a broader global crackdown on cybercrime, which also included operations in Australia and the UK targeting Wi-Fi-based attacks and dark web marketplaces. Authorities continue to stress the importance of active investigation and international cooperation to address the evolving landscape of cyber-enabled crime.
Mar 21, 2026
European Police Dismantle €600 Million Cryptocurrency Investment Fraud Network
European law enforcement agencies arrested nine individuals suspected of operating a large-scale cryptocurrency investment fraud network that defrauded victims of over €600 million. The suspects allegedly created dozens of fake cryptocurrency investment platforms, luring victims with promises of high returns through social media ads, cold calls, and fabricated celebrity endorsements. Once funds were transferred, victims were unable to recover their money, while the criminals laundered the stolen assets using blockchain technology. The coordinated operation, led by Eurojust and involving authorities from France, Belgium, Cyprus, Spain, and Germany, resulted in simultaneous arrests and searches in Cyprus, Spain, and Germany, with significant seizures of cash, cryptocurrencies, and bank assets. The investigation revealed that the network used sophisticated methods to conceal the origins of the stolen funds, cycling them through various wallets and exchanges. Authorities seized €800,000 in bank accounts, €415,000 in cryptocurrencies, and €300,000 in cash during the raids. The operation underscores the growing threat of organized cybercrime leveraging fake investment platforms to target individuals across Europe, and highlights the importance of international cooperation in combating large-scale financial fraud in the cryptocurrency sector.
Mar 21, 2026
Major Cryptocurrency-Related Cybercrime Prosecutions and Asset Seizures
Law enforcement agencies in multiple countries have made significant progress in prosecuting individuals and groups involved in large-scale cryptocurrency-related cybercrimes. In the United States, a California man pleaded guilty to laundering at least $25 million as part of a group that stole $230 million in cryptocurrency through social engineering and account takeovers. The group, composed of young adults from several states and abroad, used various tactics to compromise victims' crypto accounts and launder the proceeds, with several members facing charges including wire fraud, racketeering, and money laundering. In the United Kingdom, prosecutors secured a civil recovery order to seize over £4.11 million ($5.39 million) in crypto assets from Joseph James O'Connor, who was convicted for his role in the 2020 Twitter mega-hack. O'Connor and his associates used SIM-swapping and social engineering to hijack high-profile Twitter accounts, soliciting Bitcoin from followers and amassing illicit gains. These actions demonstrate the increasing effectiveness of international law enforcement in tracing, prosecuting, and recovering assets from cybercriminals who exploit cryptocurrency for large-scale fraud and theft.
Mar 21, 2026