European and U.S. Law Enforcement Actions Against Cyber-Enabled Crime
Multiple law-enforcement actions were reported across Europe and the U.S. targeting cyber-enabled criminal activity, including online intimidation, financial malware operations, and crypto/NFT theft. In Hungary, police working with Romanian authorities detained four young suspects accused of swatting and doxing tied to disputes initiated via Discord, including false bomb and violence threats that triggered significant emergency response deployments.
Separately, U.S. authorities convicted two Venezuelan nationals for a multi-state ATM jackpotting operation in which they physically accessed older ATMs, connected a laptop, and deployed malware to force cash dispensing, resulting in hundreds of thousands of dollars in losses and restitution orders. In Romania, two suspects were investigated at the request of UK authorities over an alleged hitman-for-hire marketplace designed to conceal identities and payments via cryptocurrency escrow, with police seizing storage devices, crypto valued around $650,000, and significant cash. In the Netherlands, Zeeland police arrested four suspects linked to the theft of 169 NFTs valued at roughly €1.4 million, seizing data carriers, cash, vehicles, and a house during raids as the investigation continued.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
U.S. court convicts and sentences two ATM jackpotting defendants
Two defendants were convicted in the United States over the ATM jackpotting operation. One was sentenced to time served and restitution, while the other received an 18-month federal prison sentence and restitution, after which both were to be deported.
Hungarian and Romanian police detain four young suspects
Hungarian police, working with Romanian authorities, took action against four young suspects accused of carrying out the false threat calls, swatting, and doxing. The detentions were reported as a cross-border law enforcement operation tied to the 2025 investigation.
Investigators link swatting and doxing suspects to Discord disputes
During the ensuing investigation, Hungarian authorities determined that the suspects' interactions with victims were connected to disputes that developed on Discord. The case centered on alleged swatting and doxing activity by four young individuals.
False threat-call campaign begins in Hungary
In mid-July 2025, multiple Hungarian police units received a cluster of false reports alleging serious crimes, including bomb threats against schools, religious institutions, and residential buildings, as well as threats against police. The hoax calls triggered major police deployments and significant use of law enforcement resources.
U.S. investigators build case and tie evidence to Nebraska charges
The U.S. Secret Service and South Carolina Law Enforcement Division jointly investigated the ATM jackpotting scheme and gathered evidence that supported additional charges in a related Nebraska case. Authorities said the thefts targeted bank funds rather than individual customer accounts.
Two Venezuelan nationals conduct multi-state ATM jackpotting scheme
Two Venezuelan nationals carried out a multi-state ATM jackpotting operation targeting older ATMs in South Carolina, Georgia, and Virginia. They physically opened ATMs, connected a laptop, and used malware to bypass controls and force the machines to dispense all available cash, stealing hundreds of thousands of dollars from banks.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Romanian and Dutch Police Investigations Into Crypto-Enabled Online Crime
Romanian authorities, acting on a request from the UK, investigated two Romanian nationals suspected of operating a **hitman-for-hire** marketplace designed to conceal identities and payments. Prosecutors said the platform relied exclusively on **cryptocurrency**, held user funds in escrow until “jobs” were completed, and was structured to make financial flows difficult to trace; searches in Bucharest and Ramnicu Valcea reportedly resulted in the seizure of electronic storage devices, approximately **$650,000 in cryptocurrency**, and significant cash holdings. Potential charges cited include forming an organized criminal group, incitement to murder, attempted murder, and **money laundering**. Separately, police in Zeeland, the Netherlands arrested four suspects following a tip linking them to the theft of **169 NFTs** valued at roughly **€1.4 million**; the operation included seizure of data carriers, money, vehicles, and a residence, though the suspects were later released after interrogation as the investigation continued. The case highlights how blockchain-based assets (including NFTs) remain attractive targets for theft and fraud, with common access vectors including **phishing, social engineering, malware, and seed phrase theft**, and underscores the evidentiary role of seized digital media in crypto-asset investigations.
Mar 21, 2026
Major International Law Enforcement Actions Against Cybercrime and Financial Fraud Networks
Law enforcement agencies across multiple countries have conducted significant operations targeting cybercriminal groups responsible for large-scale financial fraud, data breaches, and cryptocurrency theft. In Spain, police arrested a 19-year-old hacker accused of stealing and attempting to sell 64 million personal data records from nine companies, while Ukrainian authorities apprehended a separate data broker who used custom malware to compromise accounts and sell access on hacker forums. In California, a member of the so-called "Social Engineering Enterprise" pleaded guilty to laundering millions in cryptocurrency stolen through sophisticated social engineering attacks, with the group responsible for a $263 million heist and extravagant spending of the proceeds. Meanwhile, Russian police dismantled a gang that used NFCGate-based malware to steal millions from bank customers by tricking victims into installing fake banking apps and harvesting card credentials for remote theft. A major international operation led by Europol and Eurojust dismantled a €700 million cryptocurrency scam network in Europe that used deepfake videos and aggressive marketing to lure victims into fake investment schemes. The network operated numerous fraudulent platforms, laundered funds through complex channels, and was taken down in coordinated raids across several countries, resulting in arrests and the seizure of cash, cryptocurrencies, and luxury items. These actions highlight the growing sophistication of cyber-enabled financial crime and the increasing collaboration between law enforcement agencies to disrupt such operations on a global scale.
Mar 21, 2026
European Law Enforcement Crackdown on Cybercrime and Hacking Operations
European law enforcement agencies have conducted a series of high-profile operations targeting cybercriminals and hackers across the continent. In a coordinated effort led by Europol's Operational Taskforce GRIMM, nearly 200 individuals, including minors, were arrested for their involvement in 'violence-as-a-service' schemes, which included contract killings, intimidation, and torture. The operation spanned multiple countries and resulted in the apprehension of suspects directly involved in violent crimes, enablers, recruiters, and high-value instigators, highlighting a disturbing trend of cybercrime intersecting with real-world violence. In a separate but related development, Polish authorities arrested three Ukrainian nationals found in possession of advanced hacking equipment, including devices capable of compromising IT and telecommunications networks. The suspects were charged with fraud and possession of tools intended for criminal activity, and the equipment seized included Flipper Zero devices, antennas, and spy device detectors. These arrests underscore the increasing sophistication and cross-border nature of cybercrime in Europe, as well as law enforcement's growing focus on disrupting both digital and physical threats posed by organized cybercriminal groups.
Mar 21, 2026