March 15, 2026 ChainGPT

SocksEscort/AVrecon Network Dismantled After Enabling Global Crypto Thefts, $3.5M Frozen

A New York resident’s near‑$1 million crypto loss has become a stark illustration of how a commercial proxy network called SocksEscort enabled global theft and fraud — until authorities shut it down this week.

What SocksEscort was

- SocksEscort operated as a for‑hire proxy service that let criminals hide their true locations by routing attacks through compromised devices.
- The network worked by infecting routers and other internet‑connected gear with a malware strain called AVrecon, turning those devices into anonymous “cover points” for cybercrime.
- According to the U.S. Department of Justice, the infrastructure had quietly infiltrated at least 369,000 devices across 163 countries, making attribution and tracing extremely difficult.

How it was discovered and dismantled

- AVrecon was publicly identified by cybersecurity firm Black Lotus Labs as early as July 2023, yet the network continued operating until this week.
- Law enforcement agencies from Austria, France, Germany, Hungary, the Netherlands, Romania and the United States coordinated the takedown announced Thursday.
- U.S. participants included the FBI’s Sacramento Field Office, the IRS Criminal Investigation Oakland Field Office, and the Defense Criminal Investigative Service. Europol and Eurojust provided cross‑border coordination.
- Technical intelligence from Black Lotus Labs and the nonprofit Shadowserver Foundation helped investigators map the infrastructure.

The business model and impact

- SocksEscort ran like a commercial enterprise: customers paid anonymous fees — primarily in cryptocurrency — to access the proxy service and obscure their activities.
- Europol estimates the platform pulled in at least €5 million (about $5.7 million) from paying users over its lifetime.
- Authorities seized 34 domains, dismantled roughly two dozen servers across seven countries, and froze about $3.5 million in crypto connected to the operation.

Crimes enabled and wider consequences

- Investigators linked SocksEscort to a range of criminal activity, including bank fraud and cryptocurrency account takeovers dating back to 2020.
- The New York victim’s almost $1 million loss drew attention because of its size, but officials say the harm was spread across multiple countries and target types.
- “Proxy services of this kind give criminals the cover to carry out attacks, move illegal content, and dodge detection,” Europol Executive Director Catherine De Bolle said, praising the international cooperation that exposed the infrastructure.

Why this matters for crypto users and platforms

- The case highlights how proxy networks and compromised IoT devices can be weaponized to steal funds and hide criminal activity — and how attackers monetize anonymity with crypto payments.
- It also underscores the importance of coordinated public‑private investigations: law enforcement plus security firms and nonprofit threat researchers were key to the disruption and asset recovery.