Global Operation Freezes $47M in Crypto, Dismantles Infostealer Networks

A global law enforcement crackdown froze more than €41 million ($47 million) in criminal crypto as part of Operation Endgame. The coordinated action dismantled the infrastructure behind three malware families-SocGholish, Amadey, and StealC-that specialized in stealing passwords, browser cookies, and cryptocurrency wallet data.

Police seized 326 servers and 142 domains, recovering nearly 27 million stolen credentials from more than 385,000 infected computers. The malware strains often worked together: Amadey gained initial access, SocGholish tricked users via fake browser updates, and StealC extracted seed phrases from popular wallets like MetaMask.

Microsoft, a partner in the takedown, tied Amadey and StealC to over 140,000 infected machines in just two weeks. The company also filed a U.S. racketeering suit that treated the two malware families as a single criminal conspiracy, disrupting more than 200 command-and-control servers. Authorities are routing victim alerts through Have I Been Pwned so users can check if their credentials are compromised.