Europol has shut down a Latvia-based cybercrime syndicate that used tens of millions of fake accounts to steal at least $5.7 million through crypto phishing scams.
Quick Summary – TLDR:
- Europol dismantled a massive SIM fraud network operating 49 million fake accounts used in crypto phishing and smishing scams.
- Authorities seized $330,000 in crypto and arrested seven suspects in coordinated raids across Europe.
- The gang ran “crime-as-a-service” platforms that sold phone numbers to bypass 2FA and create fake profiles across crypto exchanges and online platforms.
- The group’s activity is tied to over 1,700 fraud cases with victims mostly in Latvia and Austria, but impacts may be global.
What Happened?
A massive law enforcement operation led by Europol and Latvian authorities brought down a sophisticated cybercrime network accused of using fake online identities and SIM-based tools to carry out phishing campaigns across Europe. The group reportedly stole at least $5.7 million and ran a SIM farm supporting 49 million fake accounts used to exploit crypto platforms, digital banks, and social media.
Europol Targets One of Europe’s Largest Crypto Fraud Rings
Codenamed Operation SIMCARTEL, the sting involved officers from 14 countries, with Austria and Latvia leading the effort. The syndicate’s main business was renting out temporary phone numbers to bypass two-factor authentication (2FA) systems on online services like Coinbase, social networks, dating apps, and e-commerce platforms.
Police executed coordinated raids in September and October 2025, arresting seven individuals and seizing:
- 1,200 SIM box devices capable of running over 40,000 active SIM cards.
- Five servers and hundreds of digital devices.
- €431,000 from bank accounts.
- $333,000 in cryptocurrency.
- Four luxury vehicles.
The group used websites like GoGetSMS.com and APISIM.com to rent out phone identities registered in over 80 countries. These tools enabled criminals to automate fake account creation at a massive scale. The fake accounts were then used for:
- Phishing and smishing attacks
- Laundering stolen crypto funds
- Extortion schemes
- Bypassing security protocols on regulated platforms
Sophisticated Tactics and Alarming Scale
The cybercrime group went far beyond basic scams. Europol reports that the criminals used impersonation techniques, posing as family members, police, or executives to trick users into transferring funds. Some even used illegal content as blackmail, raising serious ethical and legal concerns.
While the $5.7 million figure is the minimum confirmed loss, officials believe the actual amount may be significantly higher due to victims outside the European Union, particularly Russian speakers who fell outside Europol’s jurisdiction.
Crypto Phishing on the Rise
This bust comes amid a broader wave of crypto phishing attacks. Europol reported that such scams jumped from $5 million in April to $12 million in August 2025, driven by more sophisticated tactics like:
- AI-generated deepfake audio and video
- SIM swapping and cloning
- Social engineering blended with crypto tech
The busted network acted as a crime-as-a-service (CaaS) operation, making it easy for other fraudsters to exploit crypto systems without technical knowledge.
Industry Concerns Over SMS-Based Security
Security experts have raised concerns about continued reliance on SMS-based 2FA, noting it as a weak link in online security. As this case shows, attackers can easily bypass such systems using rented phone numbers and SIM farms.
Even with additional verification layers, crypto exchanges and digital platforms remain vulnerable. The FBI recently reported a 66 percent rise in crypto fraud in 2024, reaching $9.3 billion, much of it tied to SIM-based exploits.
SQ Magazine Takeaway
Honestly, this case is a wake-up call. I’m blown away that 49 million fake accounts existed without being flagged earlier. It’s wild to think criminals were literally selling phone numbers as a service to help others commit fraud. This isn’t just a crypto issue, it’s a digital security failure on a global scale. As long as we keep using phone numbers as digital IDs, these kinds of scams will thrive. The takedown is great news, but unless we fix the root of the problem, this won’t be the last one.
