$400M seized, 5,500 arrested in global operation targeting cyber fraud

A coordinated international operation involving law enforcement agencies from 40 countries led to the arrest of over 5,500 individuals linked to financial crimes and the confiscation of more than $400 million in virtual assets and government-backed currencies.

Officers in Nigeria making an arrest (Source: INTERPOL)

Operation HAECHI V details

The five-month Operation HAECHI V (July – November 2024) targeted seven types of cyber-enabled frauds: voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, BEC fraud, and e-commerce fraud.

As part of the operation, Korean authorities, in tandem with authorities in Beijing successfully dismantled a sprawling voice phishing syndicate responsible for financial losses totaling $1.1 billion and affecting over 1,900 victims. The organization’s sophisticated modus operandi included masquerading as law enforcement officials and using counterfeit identification. The operation led to the arrest of 27 members of the organized criminal group, with 19 individuals subsequently indicted.

“While 5,500 arrests is significant, this likely represents lower-level operators in call centre-style operations rather than major cybercrime orchestrators. These groups target high volumes of victims for smaller payouts, rather than the larger ransomware payouts from more sophisticated actors. These operations typically operate at scale, stealing 1,000s of USD at a time, which then adds up, rather than a smaller number of big-time operations such as ransomware, which may net 100,000s of USD per target. The stablecoin romance scams show criminals adapting classic social engineering for the crypto era – combining emotional manipulation with cryptocurrency’s complexity to trick victims into granting account access,” Toby Lewis, Global Head of Threat Analysis at Darktrace, told Help Net Security.

USDT Token Approval Scam

INTERPOL also issued a Purple Notice during Operation HAECHI V to warn countries about an emerging cryptocurrency fraud practice involving stablecoin. Member countries were alerted to the “USDT Token Approval Scam, ” allowing fraudsters to access and control victims’ cryptocurrency wallets.

The two-step approach first lures in victims using romance baiting techniques, instructing them to buy popular Tether stablecoins (USDT Tokens) via a legitimate platform. Once the scammers have gained their trust, the victims are provided with a phishing link claiming to allow them to set up their investment accounts. By clicking, they authorize full access to the scammers, who can transfer funds out of their wallets without the victim’s knowledge.