A Chinese woman known as the “Bitcoin Queen” has been sentenced to 11 years and eight months in prison by a London court for laundering proceeds from a £5.5 billion ($7.3 billion) cryptocurrency investment scam.

Zhimin Qian, 47, also known as Yadi Zhang, was found guilty of laundering thousands of Bitcoin linked to a massive fraud operation that defrauded over 128,000 investors in China between 2014 and 2017. Qian led the multi-billion-pound scam, which promised investors extraordinary returns of 100% to 300% through bogus cryptocurrency investments.

Following a seven-year investigation by the Metropolitan Police’s Economic Crime Command, officers uncovered that Qian had raised more than 40 billion yuan (approximately £4.5 billion) before converting the funds into Bitcoin and fleeing to the UK in 2017. Authorities seized 61,000 Bitcoin now valued at roughly £5.5 billion, as well as assets totaling £11 million ($14.4 million), including cryptocurrency wallets, cash, gold, and encrypted electronic devices.

Qian’s associate, 47-year-old Seng Hok Ling, received a four-year and 11-month sentence for transferring criminal property. Another accomplice, Jian Wen, was sentenced in May 2024 to six years and eight months in prison for helping Qian attempt to launder the cryptocurrency through luxury property purchases.

In an unrelated case, Google has filed a lawsuit against Smishing Triad, a cybercrime group believed to be based in China, for running large-scale SMS phishing (smishing) campaigns since at least 2023. The group impersonated services such as E-ZPass, USPS, banks, healthcare providers, law enforcement, and social media platforms to steal sensitive information. Google’s legal action specifically targets Lighthouse, a phishing-as-a-service operation used by the group to send malicious messages linking to fake websites that harvest users’ credentials and financial data. The Lighthouse kit reportedly enabled attacks on over one million users in 120+ countries, resulting in the theft of an estimated 12 million to 115 million credit cards in the US alone.

Europol and partners target Rhadamanthys info-stealer, take down 1025 servers

In the latest phase of Operation Endgame, Europol and law enforcement agencies from 11 countries have dismantled large-scale cybercrime infrastructure linked to some of the world’s most notorious malware families, including the Rhadamanthys info-stealer, the VenomRAT remote access trojan, and the Elysium botnet.

Rhadamanthys is an information stealer sold under a malware-as-a-service (MaaS) model, designed to harvest sensitive data such as passwords, cookies, and authentication tokens from infected systems.

Authorities conducted 11 searches in Germany, Greece, and the Netherlands resulting in the arrest of one suspect in Greece on 3 November 2025, believed to be the main operator behind VenomRAT.

As part of the operation, over 1,025 servers were disrupted or taken down, and 20 domains were seized. The dismantled infrastructure had infected hundreds of thousands of computers worldwide, compromising millions of credentials. According to Europol, the main suspect behind the info-stealer had access to over 100,000 cryptocurrency wallets, potentially worth millions of euros.

Operation Endgame, one of Europe’s largest coordinated cybercrime efforts, has previously targeted other major malware networks including SmokeLoader, DanaBot, IcedID, Pikabot, Trickbot, and Bumblebee.

Russian hacker to plead guilty to selling access to US companies for ransomware attacks

A Russian national is expected to plead guilty to hacking American companies and selling network access to ransomware groups. Aleksei Olegovich Volkov, aka “chubaka.kor,” acted as an initial access broker (IAB) for the Yanluowang ransomware group between July 2021 and November 2022. Prosecutors said Volkov used phishing campaigns and credential theft to compromise corporate networks, later selling that access to cybercriminals who deployed ransomware against the victims.

According to court documents, Volkov was involved in attacks on at least seven US organizations, including a bank, a telecommunications firm, and an engineering company. Two of the victims reportedly paid ransoms totaling $1.5 million in Bitcoin, of which Volkov received a share.

Volkov’s activities came to light shortly after the Yanluowang group’s 2022 attack on US-based technology conglomerate Cisco Systems. The gang’s operations shut down months later after its own infrastructure was compromised and its internal data leaked.

Volkov was arrested in Rome in 2024 after leaving Russia, reportedly to avoid military conscription amid the ongoing war in Ukraine. He was extradited to the United States later that year. He now faces up to 50 years in prison and fines reaching $1 million, in addition to restitution payments to his victims. A sentencing date has not yet been set.

Samourai Wallet dev gets 5 years in prison for running an unlicensed money transmitting business

Keonne Rodriguez, co-founder and CEO of the privacy-focused cryptocurrency mixing service Samourai Wallet, was sentenced to five years in US federal prison for his role in operating an unlicensed money transmitting business.

Prosecutors accused Rodriguez and his co-developer, William Lonergan Hill, of facilitating the laundering of more than $237 million in illicit funds through Samourai Wallet. The service, which was shut down by authorities in April 2024, allegedly handled proceeds from hacks, online fraud schemes, and drug trafficking operations.

Rodriguez and Hill were arrested in April 2024 and initially charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money transmitting business. In a plea deal reached this past July, both men admitted guilt on the lesser unlicensed transmitting charge in exchange for prosecutors dropping the more serious money laundering conspiracy charge, which carries a potential 20-year sentence. Rodriguez received the maximum penalty allowed for his plea. Hill, who served as Samourai’s chief technology officer, is scheduled to be sentenced later this month.

Crypto privacy tools and their developers face increased attention from authorities. In August of this year, Roman Storm, a co-founder of the Tornado Cash crypto mixer, was found guilty of running an unlicensed money transfer business. However, the jury could not agree on whether he was also guilty of money laundering or breaking international sanctions. Both offenses carry potential sentences of up to 20 years in prison. According to a recent media report, Storm has asked a US federal judge to acquit him of the sole remaining charge of illegal money transmission and to dismiss the stalled charges of money laundering and sanctions violations due to the prosecution’s failure to prove any intent to help malicious actors use the crypto mixer.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Five arrested in international crackdown on high-tech car theft network

Five suspects have been arrested in a major international operation targeting a sophisticated network of car thieves who used reprogrammed electronic devices to steal vehicles. The coordinated action, led by Eurojust with support from French and Italian investigators, dismantled a criminal group that had been producing and distributing high-tech tools capable of bypassing vehicle security systems.

The main suspect, a French national, allegedly began manufacturing the devices in 2022, using components such as reprogrammed speakers to unlock cars using decoded keys. The devices were sold worldwide via encrypted messaging platforms for prices ranging between €3,000 and €50,000, with known car thieves among the clients. The tools reportedly worked on several well-known and luxury car brands.

Investigators believe the main suspect worked with an Italian accomplice known for his technical skills. The pair allegedly used unsuspecting intermediaries to obtain original car keys for decoding purposes and tested their devices on luxury vehicles abroad. During coordinated raids, five individuals were arrested in France, with three suspects placed in detention following police custody. In Italy, authorities discovered a manufacturing site with equipment for designing and producing the illegal devices, along with packages ready for shipment.

Searches in France led to the seizure of six vehicles, over €100,000 in cash, luxury goods, and theft devices with an estimated market value of around €1 million.