A court-authorized international law enforcement operation led by the U.S. Department of Justice has disrupted SocksEscort, a large residential proxy network that allegedly exploited thousands of internet routers worldwide to facilitate cybercrime and financial fraud.
Authorities said the U.S. government executed seizure warrants against dozens of internet domains registered in the United States that were allegedly connected to the criminal infrastructure. The announcement was made by U.S. Attorney Eric Grant.
According to court documents, the SocksEscort network infected home and small business routers with malware, allowing operators to redirect internet traffic through compromised devices
The network then sold access to these infected routers as proxy services to customers seeking to hide their true locations online.
Investigators said the service had been operating since at least the summer of 2020 and offered access to roughly 369,000 IP addresses at various points
As of February 2026, the SocksEscort platform listed about 8,000 infected routers available for purchase, including around 2,500 located in the United States.
Cybercriminals allegedly used the proxy network to conceal their identities while carrying out a range of fraudulent activities. These included account takeovers targeting U.S. bank accounts and cryptocurrency platforms, as well as schemes involving fraudulent unemployment insurance claims.
Authorities said the crimes caused millions of dollars in losses to victims. Among the cases cited by investigators was a New York resident who lost approximately $1 million in cryptocurrency from an exchange account
In another case, a manufacturing company in Pennsylvania lost $700,000, while current and former U.S. service members using Military Star credit cards were defrauded of about $100,000.
The operation involved coordinated action by international partners, with law enforcement agencies in Austria, France, and the Netherlands helping dismantle key SocksEscort servers.
The investigation is being led by the Federal Bureau of Investigation Sacramento Field Office, along with the Department of Defense Office of Inspector General’s Defense Criminal Investigative Service and IRS Criminal Investigation.
Authorities said the operation highlights the growing importance of international cooperation in combating cybercrime networks that exploit global digital infrastructure.
Your web3 identity + services + payments in one single link. Get your pay3.so link today.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
China orders Apple to pull Dorsey's Bitchat, the messaging app used during Iran protests
Apple removed Bitchat, a decentralized messaging app by Jack Dorsey, from its China App Store at China's request, citing regulatory violations. Despite this, the app remains available globally and has seen over three million downloads.
CoinDesk2h ago
The lawyer says the $280 million attack on Drift Protocol may constitute civil negligence
Attorney Ariel Givner said that the 280M-dollar attack incident involving the Drift Protocol, which resulted from failing to follow basic security procedures, could amount to civil negligence. The attacker, after 6 months of planning, used a trusting relationship to steal the developers’ devices; there is already a class-action lawsuit advertisement targeting Drift circulating.
GateNews10h ago
Polymarket pulls controversial Iran rescue markets after intense backlash
Polymarket removed a betting market on U.S. military rescues in Iran after backlash from lawmakers, who criticized it for trivializing such efforts. This reflects growing scrutiny and regulation of prediction markets amid concerns over ethics and integrity.
CoinDesk14h ago
Drift says $270 million exploit was a six-month North Korean intelligence operation
A six-month intelligence operation preceded the $270 million exploit of Drift Protocol and was carried out by a North Korean state-affiliated group, according to a detailed incident update published by the team earlier on Sunday.
The attackers first made contact around fall 2025 at a major crypto c
CoinDesk22h ago
