
Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Crypto Fraud Ring Dismantled by European Law Enforcement

First reported
Last updated
📰 2 unique sources, 2 articles

Summary


Law enforcement authorities across Europe have arrested five suspects associated with a cryptocurrency investment fraud ring that defrauded over 100 victims, resulting in losses exceeding €100 million. The operation, coordinated by Eurojust and supported by Europol, involved multiple countries and targeted investors across 23 nations. The fraudulent scheme, active since at least 2018, promised high returns on cryptocurrency investments through professionally designed online platforms. Funds were funneled into bank accounts in Lithuania, and victims were required to pay additional fees to recover their assets, ultimately leading to significant financial losses. The coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania, and Bulgaria. Bank accounts and other financial assets associated with the cybercrime ring were frozen. The main perpetrator behind the operation has been accused of large-scale fraud and money laundering by running an online investment platform for several years.

Timeline

  1. 23.09.2025 17:16 📰 2 articles · ⏱ 6h ago

    European Law Enforcement Dismantles Crypto Fraud Ring

    The coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania, and Bulgaria. Bank accounts and other financial assets associated with the cybercrime ring were frozen. The main perpetrator behind the operation has been accused of large-scale fraud and money laundering by running an online investment platform for several years. The fraudulent scheme covered 23 different countries, either as areas used to divert proceeds of the scam or as locations where victims were based.


Information Snippets

Similar Happenings

TradeOgre cryptocurrency exchange dismantled by Canadian authorities

The Royal Canadian Mounted Police (RCMP) has shut down the TradeOgre cryptocurrency exchange and seized over $40 million in cryptocurrency believed to be linked to criminal activities. This action marks the first time a crypto exchange has been shut down by Canadian law enforcement and the largest asset seizure in the country's history. TradeOgre was known for its privacy-focused operations and lack of Know Your Customer (KYC) policies, which allowed users to remain anonymous. The investigation began in June 2024 following a tip from Europol, and the platform was taken offline in July, initially raising suspicions of an exit scam. The RCMP confirmed that the platform was operating illegally due to its failure to register with FINTRAC and its lack of client identification. The RCMP has not confirmed the specific types of criminal activities facilitated by TradeOgre but acknowledged that its anonymity features made it attractive for money laundering.

FinWise Bank insider breach impacts 689K American First Finance customers

FinWise Bank experienced a data breach on May 31, 2024, when a former employee accessed sensitive files after their employment ended. The breach affected 689,000 customers of American First Finance (AFF), a company that offers consumer financing products. The compromised data included full names and other personal information. FinWise has strengthened internal controls and is offering free credit monitoring services to affected individuals. The incident is facing multiple class-action lawsuits. The breach was discovered and investigated with the help of outside cybersecurity professionals. The exact methods used by the former employee to access the data remain undisclosed.

U.S. sanctions Southeast Asian cyber scam operations stealing billions from Americans

The U.S. Department of the Treasury has imposed sanctions on several large cyber scam networks in Southeast Asia, particularly in Burma and Cambodia. These operations, which stole over $10 billion from Americans in 2024, are known for using forced labor, human trafficking, and physical violence. The scams include 'romance baiting' and fake cryptocurrency investment schemes. The financial damage to Americans increased by 66% compared to the previous year. The sanctions target 19 entities and individuals linked to the Karen National Army (KNA) in Burma and various organized crime networks in Cambodia. These entities are involved in running scam centers, providing infrastructure, and facilitating money laundering. The sanctions block these entities from the U.S. financial system, freeze their U.S. assets, and limit their access to international financial services. The cybercriminal syndicates in Southeast Asia are estimated to net nearly $40 billion annually in illicit profits. In May 2025, OFAC targeted Funnull Technology Inc. and its administrator Liu Lizhi for their part in romance scams that caused more than $200 million in losses. In July 2025, Cambodian law enforcement raided several cyber-scam centers, arresting more than 1,000 people. The cybercriminal operations have led to the growth of entire cities along national borders, especially in conflict zones and special economic zones (SEZs).

Lovesac Data Breach After Ransomware Attack

Lovesac, a furniture retailer, suffered a data breach between February 12, 2025, and March 3, 2025. Hackers gained unauthorized access to internal systems, stealing personal data. The breach was discovered on February 28, 2025, and remediated three days later. The RansomHub ransomware gang claimed responsibility, but the company did not confirm the encryption of data. The number of affected individuals and the exact nature of the stolen data remain undisclosed. The company offers 24-month credit monitoring to impacted individuals and advises vigilance against phishing attempts. RansomHub, the group claiming the attack, has a history of targeting high-profile entities and shut down in April 2025.

Salesloft Disables Drift Following OAuth Token Theft

Salesloft has taken Drift offline due to a security incident involving the theft of OAuth tokens and unauthorized access to Salesforce data. The breach began with the compromise of Salesloft's GitHub account, affecting multiple major tech companies, including Cloudflare, Google Workspace, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, Tenable, Zscaler, Qualys, Rubrik, BeyondTrust, CyberArk, Elastic, Dynatrace, Cato Networks, Bugcrowd, and Stellantis. The incident was attributed to a threat cluster tracked as UNC6395 and GRUB1. The breach occurred on September 5, 2025, affecting the marketing software-as-a-service product Drift. The attackers exploited vulnerabilities to steal authentication tokens, leading to unauthorized access to sensitive data. Salesloft has temporarily disabled Drift to conduct a comprehensive review and enhance security measures. The ShinyHunters extortion gang and threat actors claiming to be Scattered Spider were involved in the Salesloft Drift attacks, in addition to the previous Salesforce data theft attacks. The threat actors primarily focused on stealing support cases from Salesforce instances, which were then used to harvest credentials, authentication tokens, and other secrets shared in the support tickets. The threat actors' primary objective was to steal credentials, specifically focusing on sensitive information like AWS access keys, passwords, and Snowflake-related access tokens. The number of impacted companies has been updated to 29. Cloudflare disclosed that some customer support cases stored in Salesforce included configuration settings and 104 Cloudflare API tokens. Salesforce restored integration with the Salesloft platform, except for the Drift app, which remains disabled until further notice. The breach also affected Qantas, where executives had their short-term compensation reduced by 15% due to a data breach that impacted approximately 5.7 million passengers.