International law enforcement agencies led by the U.S. Department of Justice (DOJ) and Europol have dismantled the SocksEscort proxy network, seizing 34 domains and 23 servers and freezing $3.5 million in cryptocurrency. Authorities say the service hijacked roughly 369,000 devices to sell illicit proxy access used to facilitate online fraud, including crypto-related schemes.
Scope of the takedown
- 34 internet domains seized
- 23 servers taken offline
- $3.5 million in cryptocurrency frozen
- 369,000 devices allegedly hijacked
What is SocksEscort?
SocksEscort functioned as a proxy service, allegedly compromising large numbers of consumer and enterprise devices and reselling their internet connections to customers seeking to mask their identities. Such “residential proxy” and botnet-based services are commonly used to evade fraud detection systems, conduct account takeovers, and route illicit transactions without revealing the perpetrator’s true location.
Why it matters for crypto
Proxy networks enable cybercriminals to obfuscate the origin of transactions, create and operate fraudulent accounts at exchanges, and move stolen funds across platforms. The asset freezes indicate investigators were able to trace on-chain flows linked to the operation, underscoring the growing use of blockchain analytics in disrupting cyber-enabled financial crime.
Authorities said the investigation is ongoing.