US and European authorities have dismantled SocksEscort, a malicious proxy service used by cybercriminals to hide their identities during fraud, including cryptocurrency account takeovers. The Department of Justice stated the service compromised over 369,000 routers and devices in 163 countries, granting criminals control of proxies that masked their true IP addresses.
The platform, operational since 2020, enabled crimes like bank fraud and cryptocurrency account takeovers. Prosecutors cited a New York victim who lost approximately $1 million in cryptocurrency. Authorities seized 34 domains, disrupted servers in seven countries, and froze about $3.5 million in cryptocurrency linked to the operation.
Customers accessed the service by purchasing it anonymously with cryptocurrency. Investigators estimate SocksEscort generated at least $5.7 million from users. Europol Executive Director Catherine De Bolle noted that such proxy services provide criminals with the necessary digital cover to launch attacks and evade detection.
This takedown involved a coordinated international effort with law enforcement from Austria, France, the Netherlands, Germany, Hungary, Romania, and the US. Support was provided by agencies including the FBI, Defense Criminal Investigative Service, IRS Criminal Investigation, Europol, and Eurojust. Technical intelligence was contributed by Lumen Technologies' Black Lotus Labs and the Shadowserver Foundation.