Law enforcement in Europe has apprehended five individuals linked to a complex online investment scam that defrauded over 100 victims across France, Germany, Italy, and Spain, amassing more than €100 million (approximately $118 million). Eurojust reported that this coordinated effort involved searches in five locations across Spain and Portugal, in addition to operations in Italy, Romania, and Bulgaria. Authorities have also frozen bank accounts and financial assets associated with the criminal network.
The primary suspect in this elaborate scheme faces serious charges of extensive fraud and money laundering. This individual allegedly operated an online investment platform that misled unsuspecting investors with promises of substantial returns on cryptocurrency investments for several years. Once victims deposited their funds, these were funneled into bank accounts located in Lithuania for laundering purposes. Those who sought to withdraw their investments were often confronted with requests for additional fees, after which the scam website disappeared without a trace.
Multiple judicial and law enforcement agencies from Bulgaria, Italy, Lithuania, Portugal, Romania, and Spain collaborated in this investigation into the fraudulent activities. According to Eurojust, which coordinated the operation alongside Europol, this scam had been ongoing since at least 2018 and affected individuals in 23 different countries, either as locations for laundering the proceeds or as residences of the victims.
A report from the U.S. Federal Trade Commission (FTC) highlighted that Americans experienced a staggering $12.5 billion in losses due to fraud in 2024, reflecting a 25% increase from the previous year. Notably, investment scams were responsible for the largest financial losses, totaling $5.7 billion, which marks a rise from $4.6 billion in 2023 and $3.8 billion in 2022. The FTC noted that 79% of individuals who reported investment-related scams ended up losing money, with a median loss exceeding $9,000. Moreover, over $3 billion was lost to scams that initiated online, in contrast to about $1.9 billion lost through more conventional methods such as phone calls or emails.
This alarming situation unfolds amid insights from Chainalysis, which disclosed an incident involving a user of the Venus Protocol who fell victim to a social engineering attack on September 2, 2025. Thanks to prompt detection and decisive action, stolen assets valued at around $13 million were recovered. Chainalysis detailed that the attack was rooted in social engineering tactics, where the perpetrators exploited a compromised Zoom client to gain access to the victim’s system.
After breaching the victim’s machine, the attackers coerced the individual into executing a blockchain transaction that granted them delegated authority over the account. This maneuver allowed the attackers to borrow and redeem assets on the victim’s behalf, draining their funds. However, Venus successfully paused its protocol within 20 minutes of the malicious transaction, effectively halting further theft. Within the subsequent 12 hours, Venus force-liquidated the attacker’s wallet, successfully recovering the stolen assets and resuming full operational services.
Chainalysis noted that Venus also passed a governance proposal to freeze an additional $3 million in assets still under the attacker’s control, resulting in the attacker not only failing to profit but actually incurring a loss of $3 million due to the community’s rapid response.
This crackdown by Eurojust aligns with a recent initiative by the Seoul Metropolitan Police Agency (SMPA), which disrupted a cybercrime operation believed to have stolen approximately $30 million from 258 high-profile victims, including corporate executives. Chainalysis emphasized that the sophistication of this operation included hacking victims’ personal information and deceiving them into providing more data by impersonating agency employees, setting the stage for further thefts.
