SocksEscort Proxy Service Taken Down After DOJ–Europol Operation Freezes $3.5M in Crypto - Crypto Economy

CryptoEconomy · 2026-03-13T19:17:04+00:00

The U.S. and Europol dismantled SocksEscort, a proxy service for cybercriminals concealing identities in financial fraud, leading to domain seizures, server disruptions, and cryptocurrency freezes. Over 369,000 devices were compromised, resulting in substantial financial losses for victims.

CryptoEconomy

2026-03-13 19:17:04

Abstract generation in progress

The U.S. Department of Justice and Europol dismantled SocksEscort, a malicious proxy service used by cybercriminals to conceal their identities while executing financial fraud, including the illicit takeover of cryptocurrency accounts.

The operation, coordinated with agencies from Austria, France, the Netherlands, Germany, Hungary, Romania, and the United States, resulted in the seizure of 34 domains, the disruption of approximately two dozen servers across seven countries, and the freezing of around $3.5 million in cryptocurrencies linked to the network.

According to the Department of Justice, the service compromised at least 369,000 routers and internet-connected devices across 163 countries since 2020, giving criminals control over proxies that concealed their real IP addresses. Among the cases cited by prosecutors, a victim in New York lost approximately $1 million in cryptocurrencies. Investigators estimate the network collected at least five million euros from its users through anonymous cryptocurrency payments.

Europol Executive Director Catherine De Bolle noted that services like SocksEscort provide criminals with the digital cover needed to launch attacks, distribute illegal content, and evade detection mechanisms.

The investigation received technical support from Black Lotus Labs, the threat intelligence unit of telecommunications company Lumen Technologies, and from the nonprofit organization Shadowserver Foundation. The AVrecon malware, publicly documented by Black Lotus Labs in July 2023, was identified as the tool used by SocksEscort to compromise devices.

Source: https://www.justice.gov/usao-edca/pr/authorities-dismantle-global-malicious-proxy-service-deployed-malware-and-defrauded?bm-verify=AAQAAAAM_____28s4t__1rKbI7jNibrQNFSoGXXsDpCTfir6ZHgXX4FK4rxtqepVySEt1iryKN4dC26ZQaivzdUWHok1rlt0lGhEyj6CYM930xoREcxVADJS9RID6Jw8I7dUrlZHgy7gnggMyoBe4rM9BYQ2hRaGvsDM2hMvk3TVbiKaxQ_BHsQPAJDVS81Fx-HCXn8xZwO9L4pGeH3WZBN2XivSeBKXMPZiodX358HvMmoCXdteLWh-XxOnnM_WvwsE61DL0nMlZvxe-XQr9jkDP4xtueTtslruAo6bo3xrG03fnAadsyneyHjzwSXIP6NoJtW5EDD5tbJifOlgiJQwPUbyaZZDSQkjTEPIYw8X02kCBLyq5hJlNs80CgPlWRDg_3lShhVwnlRLWSh4WzoVIqtPX9qr

Disclaimer: Crypto Economy Flash News are based on verified public and official sources. Their purpose is to provide fast, factual updates about relevant events in the crypto and blockchain ecosystem.

This information does not constitute financial advice or investment recommendation. Readers are encouraged to verify all details through official project channels before making any related decisions

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.