Authorities Freeze $3.5M in Crypto as Europol, DOJ Disrupt ‘SocksEscort’ Proxy Network
European and U.S. authorities dismantled a major malicious proxy operation known as “SocksEscort,” which had compromised over 369,000 routers and IoT devices in 163 countries. Law enforcement seized 34 domains, 23 servers across seven countries, and froze $3.5 million in cryptocurrency linked to the operation. The service enabled cybercriminals to use more than 35,000 proxy addresses for crimes such as ransomware, DDoS attacks, child sexual abuse material distribution, bank and crypto account takeovers, and fraudulent unemployment claims. A payment platform connected to SocksEscort reportedly processed over $5.7 million in crypto. Notable victims included a New York crypto exchange customer defrauded of $1 million, a Pennsylvania manufacturer losing $700,000, and military service members defrauded of $100,000. Authorities from eight countries cooperated in the investigation, which began in June 2025. Europol stated that disrupting this infrastructure strikes a significant blow against cybercrime networks worldwide.
