Europol-Backed Takedown of Gambling Fraud Ring Exploiting Ukrainian Refugees
Spanish and Ukrainian authorities, supported by Europol, dismantled a criminal network that exploited war-displaced Ukrainian women to facilitate an online gambling fraud and money-laundering operation. Investigators said the group recruited vulnerable women from heavily attacked regions, transported them to Spain, and escorted them through obtaining temporary protection status and opening bank accounts and credit cards—then seized control of those accounts to run the scheme.
Police arrested 12 suspects following a two-year investigation and identified 55 Ukrainian women used in the operation, which generated roughly €4.75 million (about $5.5 million) in illicit proceeds. The network allegedly used bot-driven automation to place thousands of simultaneous low-odds bets across online gambling platforms to produce steady, seemingly legitimate returns, while leveraging stolen identities (over 5,000 across 17 nationalities) to create and operate large numbers of betting accounts; authorities said proceeds were also funneled into assets including luxury real estate in Europe.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Europol publicly announces dismantling of the criminal network
Europol and participating authorities publicly disclosed that the network had been dismantled, detailing the exploitation of Ukrainian women, the automated betting fraud, and the scale of the money-laundering operation. Reports published on March 5-6, 2026 summarized the case and its impact.
Authorities seize assets, equipment, and block accounts across countries
During the takedown, police seized cash, cryptocurrency, luxury vehicles, electronic devices, computers, SIM cards, and bot-related equipment. They also froze more than €2 million in assets and blocked accounts holding over €470,000 across 11 countries.
Coordinated raids in Spain and Ukraine lead to 12 arrests
After the multi-year investigation, law enforcement carried out coordinated enforcement actions in Spain and Ukraine, including searches in Alicante and Valencia and eight searches in Ukraine. Authorities arrested 12 suspects linked to the network.
Fraud ring runs automated online betting and laundering scheme
Using accounts opened in the women’s names, the network moved illicit funds through online gambling platforms and used bots to place thousands of low-odds bets to generate apparently legitimate profits. Investigators said the scheme also relied on identities stolen from more than 5,000 victims across 17 nationalities and ultimately laundered nearly €4.75 million.
Criminal network exploits displaced Ukrainian women in Spain
The group recruited war-displaced Ukrainian women from heavily affected regions, financed their travel to Spain, helped them obtain temporary protection or refugee status, and coerced them into opening bank accounts and credit cards under criminal control. Authorities later identified 55 Ukrainian women used in the operation and said the network also diverted some government subsidies they received.
Spanish and Ukrainian authorities open joint gambling-fraud investigation
Investigators in Spain and Ukraine, supported by Europol, began a joint investigation into a criminal network exploiting Ukrainian women in an online gambling fraud and money-laundering scheme. The investigation is described as having started in October 2023.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Criminal ring exploiting Ukrainian women for online gambling fraud dismantled | brief | SC Media
scworld.com
Open sourcePolice dismantles online gambling ring exploiting Ukrainian women
bleepingcomputer.com
Open sourceUkrainian women fleeing war exploited in multimillion-dollar gambling fraud scheme | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
European Law Enforcement Dismantles Ukrainian Call Center Fraud Network
European law enforcement agencies, supported by Eurojust, have dismantled a large-scale fraud network operating multiple call centers in Ukraine that targeted victims across Europe. Authorities from Ukraine, the Czech Republic, Latvia, and Lithuania arrested 12 suspects and identified 45 individuals involved in the operation, which defrauded over 400 victims of more than 10 million euros. The criminal group used various schemes, including impersonating police officers and bank employees, convincing victims their accounts were compromised, and instructing them to transfer funds to "safe" accounts controlled by the network. In some cases, victims were persuaded to install remote access software, allowing the criminals to hijack their bank accounts, and some fraudsters even met victims in person to collect cash using stolen card details. The call centers, located in Dnipro, Ivano-Frankivsk, and Kyiv, employed around 100 people recruited from several European countries. Employees were paid commissions of up to 7% of the stolen funds and were promised bonuses such as cash, cars, or apartments for exceeding certain fraud targets, though these rewards were never distributed. During coordinated raids on December 9, 2025, authorities conducted 72 searches, seizing vehicles, weapons, computers, cash, and forged identification documents. The operation highlights the transnational nature of organized fraud and the effectiveness of coordinated law enforcement action across European borders.
Mar 21, 2026
European Law Enforcement Takedowns of Phishing and Investment-Fraud Networks
European law enforcement reported multiple cyber-enabled fraud disruptions, including a Eurojust-supported operation that dismantled a **fraudulent call-centre network** operating from three offices in Dnipro. Authorities from Latvia, Lithuania, and Ukraine arrested **11 suspects**, seized **more than €400,000** in cash, and collected electronic evidence (computers, SIM cards, documents) during searches at **32 locations**. The group allegedly ran a fake cryptocurrency investment platform and used **remote access software** to gain access to victims’ online banking and move funds to accounts and crypto wallets under their control. Separately, Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group operating in Poland and Germany that used **phishing** to hijack Facebook accounts and extract **BLIK** payment codes. Investigators identified **11 group members**, placed **six** in pretrial detention, and seized **over 100,000** stolen Facebook credentials; prosecutors filed **400+ charges** including unauthorized access, online fraud, and money laundering. A South Korean case involving the breach of Seoul’s bike-hire service *Ttareungyi* (4.62 million users affected) is a distinct incident and not part of the European takedown actions described above.
Mar 21, 2026
European Police Dismantle €50 Million Crypto Investment Fraud Call-Center Network
Austrian and Albanian authorities, supported by **Europol** and **Eurojust**, dismantled a large online investment fraud operation that allegedly stole at least **€50 million** from victims across Europe and other regions. The network operated from call centers in **Tirana, Albania**, where investigators said it was run like a legitimate business with up to **450 employees** spanning management, finance, IT, HR, customer acquisition, and retention roles. Victims were lured through fake broker and cryptocurrency investment platforms promoted on search engines, websites, and social media, then pressured by multilingual operators posing as brokers or advisers to transfer more money. A coordinated action on **17 April** led to **10 arrests**, searches of **three call centers** and **nine homes**, and the seizure of **€891,735 in cash** along with hundreds of computers and phones. Investigators said the group used remote access software and an international money-laundering scheme to divert funds rather than invest them, and in some cases targeted victims a second time with a bogus recovery service that demanded a **€500** cryptocurrency payment. Authorities said the seized infrastructure and data are expected to support additional investigations in other affected countries.
May 4, 2026