Shufti-Sphere-Website-Banner
burger-menu cross-icon-2

Resources

us

216.73.217.72

Europol Seizes €41M, 27M Stolen Logins in Malware Crackdown

Europol has frozen more than €41 million in cryptocurrency and recovered 27 million stolen login credentials in a coordinated international takedown of the SocGholish, Amadey and StealC malware networks, the agency announced on 24 June 2026. The two-week operation, the latest chapter of Operation Endgame, dismantled 326 servers and seized 142 domains behind three of the tools that supply the global cybercrime economy.

According to Europol’s statement, the action was led by Germany’s Federal Criminal Police Office and coordinated through Europol’s European Cybercrime Centre, with judicial support from Eurojust and participation from law enforcement in Canada, Denmark, the Netherlands, the United Kingdom and the United States. StealC, an infostealer sold as a service since 2023, harvests passwords, browser cookies, stored access data and cryptocurrency wallet details from infected machines. Amadey serves as the first link in the attack chain, gaining an initial foothold and dropping further malware, while SocGholish, linked to the Russian group Evil Corp, infects victims through fake browser-update prompts on compromised websites.

Microsoft, whose Digital Crimes Unit supported the operation alongside ESET, BitSight, Proofpoint and IBM X-Force, reported that Amadey and StealC were linked to more than 140,000 infected computers worldwide in the first two weeks of May 2026. Europol described the goal as disrupting the “assembly lines” cybercriminals use to launch ransomware, financial fraud and attacks on critical infrastructure.

Infostealers sit at the base of that supply chain. They collect the credentials and identity data that are later sold on criminal marketplaces and reused to break into bank accounts, cryptocurrency exchanges and corporate systems. The €41 million in frozen assets, roughly $46.5 million, reflects how digital currencies have become the primary settlement layer for that trade, the point at which stolen data is converted into cash.

The recovery of 27 million credentials in a single operation points to a problem that reaches far beyond the networks that were dismantled. Stolen usernames, passwords and identity documents circulate for years after a breach, and any system that treats a valid credential as proof of identity is exposed to account takeover and synthetic identity fraud. For banks, fintechs and cryptocurrency platforms, the sheer volume of harvested login data means static passwords and one-time document checks can no longer be assumed to confirm who is behind a transaction.

Financial institutions and crypto platforms operating in this environment need verification that a stolen password or copied document cannot defeat, which points toward biometric identity checks and continuous fraud monitoring rather than credential-based gates. Shufti’s fraud prevention and face verification tools combine document authentication with facial biometrics and liveness detection across 240+ countries and territories, tying each account to a live person rather than a reusable secret, while its AML and KYC screening helps crypto businesses flag assets and counterparties of criminal origin. Institutions reassessing their exposure after Operation Endgame can explore Shufti’s fraud prevention capabilities or request a demo to see the platform in action.

Suggested Reads:

AUSTRAC Rolls Out VASP Register as Travel Rule

EU Crypto Firms Race to Meet MiCA Authorisation

Related Posts

News

Scam Adverts Cost 13.5 Million UK Adults, Revolut Report

Scam Adverts Cost 13.5 Million UK Adults, Revolut Report

Explore More

News

Europol Seizes €41M, 27M Stolen Logins in Malware Crackdown

Europol Seizes €41M, 27M Stolen Logins in Malware Crackdown

Explore More

News

AMLA to Submit Final EU Due Diligence Rules by 10 July

AMLA to Submit Final EU Due Diligence Rules by 10 July

Explore More

News

AMLA Flags Crypto AML Risks as MiCAR Deadline Passes

AMLA Flags Crypto AML Risks as MiCAR Deadline Passes

Explore More

News

AUSTRAC Rolls Out VASP Register as Travel Rule Takes Effect

AUSTRAC Rolls Out VASP Register as Travel Rule Takes Effect

Explore More

News

Saudi Arabia Tightens AML and Beneficial Ownership Rules

Saudi Arabia Tightens AML and Beneficial Ownership Rules

Explore More

News

South Africa Expands Smart ID to 203 Bank Branches Nationwide

South Africa Expands Smart ID to 203 Bank Branches Nationwide

Explore More

News

Scam Adverts Cost 13.5 Million UK Adults, Revolut Report

Scam Adverts Cost 13.5 Million UK Adults, Revolut Report

Explore More

News

Europol Seizes €41M, 27M Stolen Logins in Malware Crackdown

Europol Seizes €41M, 27M Stolen Logins in Malware Crackdown

Explore More

News

AMLA to Submit Final EU Due Diligence Rules by 10 July

AMLA to Submit Final EU Due Diligence Rules by 10 July

Explore More

News

AMLA Flags Crypto AML Risks as MiCAR Deadline Passes

AMLA Flags Crypto AML Risks as MiCAR Deadline Passes

Explore More

News

AUSTRAC Rolls Out VASP Register as Travel Rule Takes Effect

AUSTRAC Rolls Out VASP Register as Travel Rule Takes Effect

Explore More

News

Saudi Arabia Tightens AML and Beneficial Ownership Rules

Saudi Arabia Tightens AML and Beneficial Ownership Rules

Explore More

News

South Africa Expands Smart ID to 203 Bank Branches Nationwide

South Africa Expands Smart ID to 203 Bank Branches Nationwide

Explore More

Take the next steps to better security.

Contact us

Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

Contact us

Request demo

Get free access to our platform and try our products today.

Get started