DOJ and Europol Break Up Crypto-Related Proxy Network SocksEscort in Collaborative Operation

The DOJ and Europol have successfully dismantled SocksEscort, a residential proxy network that has been operational since 2009.

A total of 34 domains were confiscated, and 23 servers were taken offline across 7 nations. Additionally, $3.5 million in cryptocurrency has been frozen.

SocksEscort served as the foundational infrastructure for cybercriminals seeking to remain undetected. Account takeovers, ransomware incidents, and cryptocurrency fraud all utilized this network to obscure the origins of the attacks.

It has taken more than ten years, but the operation has concluded.

What the DOJ-Europol Operation Specifically Targeted

The network had compromised 369,000 devices in 163 countries. Routers, IoT devices, and residential IPs were all infected with AVRecon malware and leased to criminals requiring clean addresses to evade fraud detection at banks and cryptocurrency exchanges.

Since early 2024, 20,000 new devices have been infected each week. Total revenue over the operation's duration is estimated at $5.8 million. One victim in New York reportedly lost around $1 million in cryptocurrency after their account was compromised via a SocksEscort proxy.

Operation Lightning involved 8 countries, including France, Germany, and the Netherlands. The coordination was intentional. Authorities are no longer merely pursuing individual criminals; they are focusing on the infrastructure that enables cryptocurrency crime in the first place.

Europol’s executive director stated clearly that proxy services like SocksEscort act as an anonymity shield that allows illicit funds to traverse borders without detection. Eliminating this shield causes the entire operation to collapse.

This is precisely what transpired in this case.

The Compliance Pressure This Puts on Exchanges and Mixers

The takedown presents an immediate challenge for all users of the service.

SocksEscort had 124,000 registered users, all of whom were disguising their activity as legitimate residential traffic to circumvent IP-based fraud detection at exchanges. Credential stuffing, password spraying, wash trading, and account takeovers were all facilitated by the proxy network, which rendered these activities invisible.

The servers, now seized, contain extensive transaction data.

Today the #FBI and @TheJusticeDept announced an international law enforcement operation that took down SocksEscort, a global malicious proxy service, seizing dozens of servers and domains and freezing millions of dollars in cryptocurrency. Criminals infected home and small… pic.twitter.com/B0g8kYD5Wy

— FBI Cyber Division (@FBICyberDiv) March 12, 2026

FBI Deputy Assistant Director Jason Bilnoski confirmed this directly. Thousands of users are now at risk. A wave of subsequent indictments is anticipated.

For exchanges, the pressure is also evolving. Regulators are establishing a stricter distinction between legitimate privacy tools and criminal evasion infrastructure. Compliant platforms are already taking steps to ensure that user traffic originates from legitimate ISPs rather than compromised botnets. Those that fail to do so may find themselves targeted next.

SocksEscort has been eliminated, but the forensic evidence it left behind is just beginning to unfold.

The post DOJ and Europol Dismantle Crypto-Linked Proxy Network SocksEscort in Joint Action appeared first on Cryptonews.