Home » Proxy Network Dismantled: 369,000 Hacked Routers Offline

Proxy Network Dismantled: 369,000 Hacked Routers Offline

Proxy Network Crushed: 369,000 Hacked Routers Taken Offline in Crypto Fraud Bust 1

U.S. and European authorities have dismantled Socksescort, a residential proxy network powered by AVRecon malware that quietly hijacked more than 369,000 devices across 163 countries. Operating since 2020, the service sold access to infected home routers, allowing criminals to disguise their IP addresses while carrying out cryptocurrency account takeovers, bank fraud, ransomware attacks and other schemes.

Victims reportedly lost millions, including $1 million from a New York crypto investor and $700,000 from a Pennsylvania business. During “Operation Lightning,” officials seized 34 domains, shut down 23 servers in seven countries, froze $3.5 million in cryptocurrency payments, and disconnected thousands of infected devices from the network. The crackdown involved the U.S. Department of Justice (DOJ), FBI, IRS Criminal Investigation, Europol, Eurojust, and several European law enforcement agencies. Investigators say the service generated about $5.7 million for operators while exposing roughly 124,000 proxy users who relied on the botnet’s anonymity.

Authorities believe evidence from seized servers could lead to additional prosecutions. Officials also warned that compromised routers remain a weak point in global cybersecurity, urging owners to update firmware, secure devices, and replace outdated hardware. Experts say dismantling the network removes a key tool used to hide ransomware operations, DDoS attacks, and crypto-related fraud carried out through residential proxy infrastructure.

FAQ 🔎

  • What was the Socksescort proxy network? Socksescort was a residential proxy service using AVRecon malware to hijack over 369,000 routers and IoT devices for anonymous internet access.
  • Who coordinated the Socksescort takedown? The DOJ, FBI, IRS-CI, Europol, Eurojust and European law enforcement agencies worked together in Operation Lightning.
  • How much cryptocurrency was seized in the operation? Authorities froze approximately $3.5 million in cryptocurrency linked to payments to the proxy service operators.
  • How did AVRecon infect routers worldwide? AVRecon exploited vulnerabilities in outdated or poorly secured routers, quietly adding them to a global proxy botnet.

Related Articles

Franklin Templeton建立主动加密部门以追逐机构资金 1

Franklin Templeton建立主动加密部门以追逐机构资金

A New Division With Deep Roots The deal closes with the full 250 Digital investment team joining Franklin Templeton, along

Moneygram Runs Solana Validator Node, Processing Blocks on the Network It Moves Money On 1

Moneygram Runs Solana Validator Node, Processing Blocks on the Network It Moves Money On

Moneygram Enters Solana’s Validator Set The Dallas-based global payments company announced the move on Monday, marking its first direct participation

ICE Joins OKX in 50-50 Broker-Dealer Deal Targeting US Tokenized Equity Markets 1

ICE Joins OKX in 50-50 Broker-Dealer Deal Targeting US Tokenized Equity Markets

The two companies disclosed the deal Monday, describing the venture as infrastructure focused on tokenized and digitally native financial products.

Strategy Acquires 520 More Bitcoin for $35M Despite Being Nearly $10B Underwater 1

Strategy Acquires 520 More Bitcoin for $35M Despite Being Nearly $10B Underwater

Smaller Buy, Same Cadence The purchase marks the third consecutive week of bitcoin accumulation for Strategy. Saylor disclosed the transaction

El Salvador Keeps Stacking: 8 BTC Added in a Week as Reserve Tops 7,689 BTC 1

El Salvador Keeps Stacking: 8 BTC Added in a Week as Reserve Tops 7,689 BTC

Buying the Dip, Every Day The latest additions, tracked through the country’s official bitcoin reserve data, bring El Salvador’s stack

Taiko Halts Withdrawals as Hackers Pull $1.7M Through Bridge Validation Flaw 1

Taiko Halts Withdrawals as Hackers Pull $1.7M Through Bridge Validation Flaw

Technical Flaw Leads to $1.7 Million Loss Ethereum scaling solution Taiko confirmed June 22 that its chain state verification mechanism