Europol Dismantles Crime Syndicate Behind 49 Million Fraud Accounts

Europol has dismantled a complicated cybercrime syndicate accused of making greater than 49 million faux on-line accounts, together with fraudulent profiles linked to main cryptocurrency platforms.

The operation, codenamed “SIMCARTEL,” uncovered a complicated SIM farm-for-hire network that bought momentary cell numbers used to bypass two-factor authentication, permitting criminals to mass-produce faux identities and commit large-scale monetary fraud.

According to Europol, the syndicate’s infrastructure supported account creation for a spread of on-line companies, from e-commerce websites to digital banks and crypto exchanges.

These faux accounts have been then used to launder illicit funds, run phishing campaigns, and facilitate smishing scams focusing on European customers.

The coordinated raid, executed on October 10, 2025, by Latvian authorities with assist from Europol and Eurojust, led to seven arrests and the seizure of a whole bunch of SIM servers, routers, and digital gadgets.

Investigators consider the group generated thousands and thousands in revenue by renting entry to its cellphone quantity swimming pools and authentication-bypass instruments.

While the arrests mark a significant win for European cybercrime enforcement, the size of the operation raises deeper questions on how 49 million faux accounts, together with these tied to regulated crypto platforms, have been in a position to exist undetected for therefore lengthy.

How Did 49 Million Fake Coinbase Accounts Exist Before Europol Stepped In?

For years, the subtle cybercrime community quietly fueled one of many largest faux account operations on the planet, creating thousands and thousands of fraudulent profiles earlier than Europol lastly shut it down.

According to Europol, investigators uncovered a SIM farm infrastructure that allowed criminals to hire out cellphone numbers from over 80 nations.

This allowed them to bypass cellphone verification programs utilized by exchanges, banks, and social platforms and successfully automate the creation of faux accounts at scale.

The operation revolved round two main web sites, GoGetSMS(.)com and APISIM(.)com, which offered criminals with momentary cellphone numbers registered in additional than 80 nations.

These companies have been particularly designed to bypass on-line verification processes resembling SMS-based two-factor authentication (2FA).

By renting entry to those numbers, scammers have been in a position to automate the creation of faux accounts for phishing, smishing (SMS-based phishing), cash laundering, extortion, and cryptocurrency fraud.

According to Europol, legislation enforcement businesses from 14 nations, led by Austria and Latvia, executed simultaneous raids in late September, seizing 1,200 SIM field gadgets able to working over 40,000 energetic SIM playing cards, together with 5 servers, a whole bunch of 1000’s of inactive SIM playing cards, 4 luxurious automobiles, €431,000 in financial institution accounts, and $333,000 in cryptocurrency.

The syndicate’s infrastructure acted as a crime-as-a-service (CaaS) mannequin, permitting purchasers to buy or hire digital cellphone identities. Criminals used these faux identities to register mass numbers of on-line accounts on social media, relationship websites, and crypto exchanges.

Investigators traced the prison community to 1000’s of circumstances of cyber fraud, inflicting greater than €4.5 million in confirmed losses throughout Europe.

Latvia reported losses of €420,000, whereas Austrian authorities recorded almost €4 million. Europol emphasised that the true world harm might be far greater, because the faux accounts have been tied to phishing rings and darknet distributors working throughout a number of continents.

Beyond monetary losses, the case uncovered severe flaws within the world reliance on SMS-based 2FA as a safety customary. Criminal teams exploited these weaknesses through the use of SIM swapping, SIM cloning, and SIM farming to intercept verification codes and authenticate fraudulent accounts.

Experts famous that so long as monetary establishments and crypto platforms depend upon cellphone quantity verification, such schemes will proceed to pose a menace.

International Task Forces Target SIM Fraud Networks as Crypto Losses Soar

Global legislation enforcement businesses are stepping up operations towards SIM-swap fraud networks as crypto-related crime losses hit new highs. The FBI’s 2024 Internet Crime Report recorded a 66% surge in cryptocurrency fraud, totaling $9.3 billion, a lot of it linked to SIM-based schemes that hijack cellphone numbers to entry victims’ wallets and trade accounts.

In a number of incidents, such assaults have been used to empty trade accounts or hijack digital wallets.

A latest instance got here in September when the U.S. Department of Justice filed a civil forfeiture complaint to seize over $5 million in Bitcoin tied to SIM swap assaults that focused victims nationwide.

Also in June 2025, two customers of the crypto trade OKX reported losses following a SIM swap hack triggered by fake SMS alerts.

The attackers exploited the textual content message system to persuade victims to generate new API keys, permitting unauthorized withdrawals.

Security analysts have warned that whereas corporations are including further verification layers, the widespread reliance on phone-based authentication stays a vulnerability.

Additionally, the latest Europol-led operation reveals a coordinated worldwide pushback. This effort follows a string of European takedowns, from the Archetyp Market, a darkish net platform with €250 million in illicit trades, to a €460 million crypto fraud ring in Spain and the “Mafia Crypto Bank” laundering community.

The submit Europol Dismantles Crime Syndicate Behind 49 Million Fraud Accounts appeared first on Cryptonews.