Read also: Authorities seize $12M in crypto from a fraud scheme; shut down the W3LL phishing op, an FBI-wanted hacker who faked his own death arrested in Ukraine, and more.

Views: 1k Read Time: 4 min.

Dutch police arrest eight suspects in major fake ID marketplace crackdown

Dutch police have arrested eight people suspected of selling forged documents through the VerifTools online marketplace. The suspects, aged between 20 and 34, were believed to be among the most active users, generating dozens of fake identity documents.

Authorities dismantled the VerifTools website on August 27, 2025, in a joint operation with the FBI. The platform, which allowed users to create fake ID images by uploading photos and entering false details, was used by criminals to hide their identities.

VerifTools was considered one of the largest providers of forged documents, generating more than €3 million in its final year online. Its services were easily accessible via multiple web addresses.

During searches linked to the arrests, police seized smartphones, laptops, cash, cryptocurrency, and several weapons or weapon-like objects. In addition to the eight arrests, nine more suspects have been summoned for questioning, including two minors aged 15 and 16. Authorities have held intervention talks with the underage suspects. The arrested individuals are suspected of identity fraud, forgery, and other cybercrime-related offenses.

Authorities seize $12M in crypto from a fraud scheme; shut down the W3LL phishing op

Law enforcement agencies in the United States, United Kingdom and Canada have seized more than $12 million in cryptocurrency linked to a large-scale cybercrime operation that targeted thousands of victims worldwide.

As a result of the operation, known as “Operation Atlantic,” police identified over 20,000 victims across the three countries. The cybercriminal group used a tactic known as “approval phishing,” in which victims are lured with investment opportunities and then tricked into handing out access to their cryptocurrency wallets. Once access was granted, the attackers drained funds from the wallets.

Authorities have also seized more than 120 domains linked to the phishing operation. Officials said they have identified over $45 million in stolen cryptocurrency linked to related fraud schemes.

Since January 2024, the FBI and the US Secret Service have identified more than 8,000 victims of cryptocurrency investment scams as part of “Operation Level Up.” According to the FBI, approximately 77% of victims were unaware they were being defrauded, and intervention efforts have helped save an estimated $511 million in potential losses.

Additionally, the FBI and Indonesian authorities shut down a global phishing operation that used the W3LL phishing kit to steal login credentials and attempt over $20 million in fraud. The tool let cybercriminals create fake websites that captured usernames, passwords, and session data, allowing them to bypass security measures. It was sold via an online marketplace called ‘W3LLSTORE,’ which was closed in 2023.

FBI’s most-wanted hacker who faked his own death arrested in Ukraine

Ukrainian National Police uncovered and arrested a member of an international cybercrime syndicate who had been wanted by the FBI for fraud totaling hundreds of millions of dollars. The suspect targeted individuals and organizations in the United States and Europe using malware to steal sensitive data and extort money. To evade capture, he faked his own death and lived in Ukraine under a false identity with forged documents.

Following a coordinated operation involving multiple Ukrainian law enforcement agencies and international partners, the suspect was detained in the city of Uzhhorod. Authorities also identified accomplices who helped launder the illicit funds through property purchases. During searches, police seized assets worth tens of millions of hryvnias (around $3 million), including cash and cryptocurrency.

The suspect and his accomplices have been charged with document forgery and money laundering and are currently in custody. Authorities didn’t disclose the name of the suspect or the ransomware gang he was involved with.

In a separate case, Ukrainian police identified a 16-year-old suspect involved in a series of parcel locker break-ins and package thefts. The teen hacked into the locker system by studying how the official delivery app works. He then created software to bypass the payment process and developed a fake app resembling the official one to gain unauthorized access. As a result, parcels appeared as paid in the system and were released without actual payment.

Kazakhstan authorities bust SMS blaster scam in first-of-its-kind CIS crackdown

Authorities in Kazakhstan have arrested four suspects in connection with an SMS phishing operation that used a mobile “SMS blaster” device to flood citizens with scam messages.

According to the Financial Monitoring Agency (AFM), the suspects deployed a high-powered SMS blaster mounted inside a vehicle, allowing them to move through densely populated areas while broadcasting scam messages. The device, which mimicked legitimate cellular base stations, operated within a radius of up to 300 meters and was capable of sending as many as 100,000 messages per hour. The equipment generated a 4G signal that forced nearby mobile devices to downgrade to the less secure 2G network. Once connected, victims’ phones automatically received preloaded SMS messages that bypassed telecom operators’ filters.

The fraudulent messages were disguised as official communications from well-known companies, offering users to exchange accumulated bonuses for goods. Recipients who clicked the links were redirected to phishing websites designed to harvest sensitive personal and financial data. Victims were prompted to enter information including their full name, phone number, bank card details, CVV codes, and SMS verification codes. All four suspects are currently in custody.

Meanwhile, in Russia, authorities have arrested two individuals, aged 48 and 19, for hacking self-service kiosks at Tasty and Point restaurants. The pair reportedly crafted a homemade device, which they connected to the kiosks to breach the restaurants’ internal network. The alleged goal was to access the rewards system and reduce the food expenses. Both suspects are now in custody.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A suspected leader of a bank fraud ring extradited to Sweden

A Swedish man in his 30s has been extradited from the United States to Sweden, where he is suspected of orchestrating a large-scale bank fraud scheme that allegedly defrauded victims of more than 60 million kronor (~€6 million).

The suspect had been in US custody since late 2024 and is believed to have played a leading role in a criminal network that targeted at least 25 victims between July 2021 and July 2023.

According to local media reports, victims were contacted via text messages or phone calls by individuals posing as bank employees. They were then instructed to download a mobile application, which the fraudsters used to remotely access accounts and steal funds.

Swedish authorities identified the suspect by IP address tracking and covert surveillance of digital communications. At the time he was located, he was already under suspicion in the US for separate money laundering offenses.

The man was arrested in November 2024 and remained in US detention. In March, he was convicted of money laundering and sentenced to three months in prison, a term considered already served due to time spent in custody.

In South Korea, the mastermind behind the 2011 Hyundai Capital hacking case, a man in his 50s identified as Jeong, has been arrested and sent to prosecutors after being on the run for over a decade. He is accused of orchestrating a major cyber intrusion that saw company servers assessed more than 40,000 times and the personal data of about 1.75 million users stolen. After hiding abroad for years, he was apprehended upon re-entering the country. Most other key accomplices had already been arrested and convicted earlier.