Law enforcement agencies across Europe have apprehended five individuals linked to a complex online investment fraud scheme that resulted in the theft of over €100 million (approximately $118 million) from more than 100 victims in France, Germany, Italy, and Spain. Eurojust reported that this coordinated operation involved searches at five locations in Spain and Portugal, alongside operations in Italy, Romania, and Bulgaria. Authorities have successfully frozen bank accounts and other financial assets connected to this cybercrime syndicate.
The primary suspect in this case faces serious allegations of large-scale fraud and money laundering after running a deceptive online investment platform for several years. This scheme lured unsuspecting investors with promises of substantial returns on various cryptocurrency investments. Once victims deposited their money, the funds were funneled to bank accounts in Lithuania, where they were laundered. Those who tried to withdraw their funds were confronted with unexpected additional fees, and ultimately, the scam website disappeared.
A comprehensive investigation into this fraudulent operation involved judicial and law enforcement agencies from Bulgaria, Italy, Lithuania, Portugal, Romania, and Spain. According to Eurojust, which coordinated the effort with support from Europol, the fraud had been active since at least 2018 and spanned 23 different countries, either as locations for diverting scam proceeds or as residences of the victims.
This news emerges in the wake of a report from the U.S. Federal Trade Commission (FTC), which revealed that Americans suffered a staggering $12.5 billion in losses to fraud in 2024—a 25% increase from the previous year. Investment scams accounted for the highest losses, totaling $5.7 billion, a rise from $4.6 billion in 2023 and $3.8 billion in 2022. The FTC noted that a significant portion (79%) of individuals who reported investment-related scams ended up losing money, with a median loss exceeding $9,000. Moreover, over $3 billion was lost to scams that originated online, contrasting with approximately $1.9 billion lost through more traditional methods, such as phone calls and emails.
In a related incident, Chainalysis revealed that a user of the Venus Protocol became a target of a social engineering attack on September 2, 2025, but prompt detection and action resulted in the recovery of approximately $13 million in stolen funds. “The attack was rooted in social engineering: malicious actors utilized a compromised Zoom client to gain access to the system,” Chainalysis explained.
After breaching the victim’s computer, the attackers coerced the user into executing a blockchain transaction that granted them delegate status over the account. This allowed them direct control to borrow and redeem assets on behalf of the victim, effectively draining the funds. However, Venus swiftly paused its protocol within 20 minutes of the malicious transaction, preventing the attacker from further transferring the stolen funds. In the following 12 hours, Venus force-liquidated the attacker’s wallet, recovering the stolen assets and resuming normal operations. Chainalysis noted, “Venus passed a governance proposal to freeze $3 million in assets still controlled by the attacker,” emphasizing that not only did the attacker fail to profit, but they actually incurred a loss of $3 million due to the community’s decisive response.
The crackdown by Eurojust aligns with a similar initiative conducted by the Seoul Metropolitan Police Agency (SMPA) earlier this month, which disrupted a cybercrime operation that has been estimated to have stolen around $30 million from 258 high-profile victims, including corporate executives. Chainalysis reported that this operation was particularly sophisticated; after successfully hacking into victims’ personal information and stealing funds, the criminals impersonated agency employees to approach victims’ family members, gathering even more personal data to prepare for future thefts.
