Lin, a 24-year-old Taiwanese national who used the online moniker “Pharaoh,” pleaded guilty in December 2024 to narcotics conspiracy, money laundering, and conspiring to sell adulterated and misbranded medication. Prosecutors said Incognito Market processed more than $105 million in illegal drug sales between October 2020 and March 2024, facilitating more than 640,000 transactions for hundreds of thousands of buyers worldwide.

According to court filings, Incognito Market operated on the Dark Web and sold large quantities of narcotics, including more than 1,000 kilograms each of cocaine and methamphetamines, as well as hundreds of kilograms of other drugs. The platform also sold purported oxycodone pills, some of which were laced with fentanyl. Lin allegedly oversaw all aspects of the operation, including vendors, customers, and employees, while collecting a 5% fee on each transaction and earning more than $6 million in profits.

Lin shut down the site in March 2024 after stealing at least $1 million in user deposits and attempting to extort buyers and vendors by threatening to expose their identities and cryptocurrency records. In addition to the prison sentence, Lin was ordered to serve five years of supervised release and forfeit over $105 million.

Police seize major illegal IPTV networks

Three major illegal IPTV services have been dismantled as part of a global law enforcement operation coordinated by Europol, Eurojust, and Interpol and led by Italy’s District Prosecutor’s Office of Catania in collaboration with the Italian State Police. Investigations and enforcement activities spanned 11 cities across 14 countries worldwide.

Police identified 31 individuals suspected of involvement in the illicit IPTV networks, including 11 in Italy and others located in the United Kingdom, Spain, Romania, and Kosovo. Eurojust said that the group has been involved in the unauthorized distribution of pay-TV content, illegal access to IT systems, computer fraud, and money laundering.

Police said the dismantled infrastructure illegally served millions of users worldwide, redistributing copyrighted content from platforms including Sky, DAZN, Mediaset, Amazon Prime, Netflix, Paramount, and Disney+. According to the Alliance for Creativity and Entertainment (ACE), the three major IPTV services seized during the operation were IPTVItalia, migliorIPTV, and DarkTV.

In parallel, the US authorities announced the seizure of three US-registered domains (zamunda[.]net, arenabg[.]com, and zelka[.]org) linked to illegal distribution of copyrighted content. The sites were operated from Bulgaria and reportedly attracted tens of millions of visits annually, offered thousands of infringing works, generated millions of downloads, and earned significant advertising revenue.

US authorities forfeit over $400M in assets linked to the Helix cryptomixer

The US authorities have announced they obtained legal title to more than $400 million in seized cryptocurrency, real estate, and monetary assets connected to the Helix cryptocurrency mixing service.

The property was previously seized from Larry Dean Harmon, the operator of Helix, a cryptocurrency mixing service designed to obscure the source, destination, and ownership of digital funds.

Helix processed more than $300 million in cryptocurrency transactions between 2014 and 2017, according to court documents. Prosecutors said the service was one of the most popular mixers on the Dark Web and was frequently used by online drug traffickers to launder illicit proceeds. Authorities estimate that Helix handled at least 354,468 bitcoin during its operation, much of it linked to illegal drug marketplaces.

Larry Dean Harmon pleaded guilty in August 2021 to conspiracy to commit money laundering. In November 2024, he was sentenced to 36 months in prison, followed by three years of supervised release, and was ordered to forfeit the seized assets as part of a forfeiture money judgment.

Authorities said Harmon earned commissions by retaining a percentage of each transaction. He also operated the Dark Web search engine Grams, and designed Helix’s API to integrate directly with major underground markets for laundering of criminal proceeds.

A 20-year-old man arrested in Poland in major DDoS attack investigation

Police officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) have arrested a 20-year-old man suspected of carrying out multiple DDoS (Distributed Denial of Service) attacks on popular websites worldwide, including well-known online services.

The authorities allege that the suspect is responsible for organizing, executing, and administering software used to disrupt IT systems. He faces a potential prison sentence of up to five years.

During a search of the suspect’s apartment, officers seized computer equipment that supported the IT infrastructure used to host and distribute DDoS attack tools. The man admitted to most of the charges and provided statements to investigators. He has been released on bail.

In a separate case, CBZC has dismantled an organized crime group that extorted money from Facebook users via BLIK code scams. Between 2023 and 2025, the group hijacked over 1,500 Facebook accounts, impersonated users to defraud friends, and laundered proceeds through gift cards, Dark Web services, and cryptocurrencies, impacting at least 750 victims. Nine suspects aged 18–27 were arrested across several regions of Poland, and assets worth around PLN 4 million (~EUR 950,000), including cryptocurrencies and luxury watches, were seized. All suspects are in pre-trial detention. The investigation is ongoing.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Vietnam police arrest three over global email data theft operation

Vietnamese police have arrested three young men for their alleged role in a large-scale cybercrime operation involving more than 8.4 billion stolen email accounts worldwide.

Authorities said the suspects operated the scheme between 2024 and 2025, collecting and reselling compromised email login credentials for profit. The group is believed to have targeted accounts exposed in earlier data breaches, using automated software to gain unauthorized access.

The suspects used the Telegram messaging service to communicate with foreign buyers and suppliers, negotiating transactions and exchanging massive datasets. After accessing the accounts, the group allegedly analyzed personal information linked to the email addresses and resold the data through online channels, earning tens of thousands of US dollars.

Vietnamese authorities have not released the suspects’ full identities, identifying them only by their initials. The men face criminal charges related to illegal intrusion into computer networks, telecommunications networks, or electronic devices under Vietnamese law.