Authorities pulled the plug on the Socksescort proxy empire, freezing $3.5 million in crypto and exposing a global router botnet.
U.S. and European authorities have dismantled Socksescort, a residential proxy network powered by AVRecon malware that quietly hijacked more than 369,000 devices across 163 countries. Operating since 2020, the service sold access to infected home routers, allowing criminals to disguise their IP addresses while carrying out cryptocurrency account takeovers, bank fraud, ransomware attacks and other schemes.
Victims reportedly lost millions, including $1 million from a New York crypto investor and $700,000 from a Pennsylvania business. During “Operation Lightning,” officials seized 34 domains, shut down 23 servers in seven countries, froze $3.5 million in cryptocurrency payments, and disconnected thousands of infected devices from the network. The crackdown involved the U.S. Department of Justice (DOJ), FBI, IRS Criminal Investigation, Europol, Eurojust, and several European law enforcement agencies. Investigators say the service generated about $5.7 million for operators while exposing roughly 124,000 proxy users who relied on the botnet’s anonymity.
Authorities believe evidence from seized servers could lead to additional prosecutions. Officials also warned that compromised routers remain a weak point in global cybersecurity, urging owners to update firmware, secure devices, and replace outdated hardware. Experts say dismantling the network removes a key tool used to hide ransomware operations, DDoS attacks, and crypto-related fraud carried out through residential proxy infrastructure.
FAQ 🔎
- What was the Socksescort proxy network? Socksescort was a residential proxy service using AVRecon malware to hijack over 369,000 routers and IoT devices for anonymous internet access.
- Who coordinated the Socksescort takedown? The DOJ, FBI, IRS-CI, Europol, Eurojust and European law enforcement agencies worked together in Operation Lightning.
- How much cryptocurrency was seized in the operation? Authorities froze approximately $3.5 million in cryptocurrency linked to payments to the proxy service operators.
- How did AVRecon infect routers worldwide? AVRecon exploited vulnerabilities in outdated or poorly secured routers, quietly adding them to a global proxy botnet.