UK’s NCA Officer Charged With Bitcoin Theft
Read also: Alleged LockBit Developer Extradited From Israel To US, a cybercrime group dismantled in Ukraine, and more.
Thursday, March 20, 2025
UK’s NCA officer charged with alleged theft of £60,000 in Bitcoin
A 42-year-old operational officer with the National Crime Agency (NCA) has been charged following allegations of theft involving nearly £60,000 worth of Bitcoin. Paul Chowles, faces a total of 15 charges related to the 2017 incident, in which he is accused of unlawfully taking 50 Bitcoin during an investigation into online organized crime.
The charges include 11 counts of concealing, disguising, or converting criminal property, three counts of acquiring, using, or possessing criminal property, and a single charge of theft.
In a major crackdown on fraud, British law enforcement made 422 arrests as part of the ‘Operation Henhouse’ effort. Authorities seized £7.5 million in cash and assets and imposed account freezing orders totaling £3.9 million.
In other news, Spanish police have dismantled a criminal network that was involved in nationwide online scams, causing financial damage exceeding 150,000 euros. Police arrested sixteen individuals who were acting as the financial arm of the organization, operating through fake online ads with a sophisticated banking fraud scheme. In separate operations in Málaga, Murcia, and Madrid, police dismantled a criminal group behind cryptocurrency investment fraud. The fraud involved approximately 400 BTC, valued at around 30 million euros, and eight individuals were arrested.
Suspected LockBit dev extradited from Israel to the US
Rostislav Panev, a dual Russian and Israeli national, was extradited to the United States after being arrested in Israel in August 2024 on charges related to his involvement in the LockBit ransomware group. Panev, 51, allegedly was a developer for LockBit from its creation in 2019 through at least February 2024.
LockBit's operations affected over 2,500 victims across 120 countries, with 1,800 of them in the US. The group targeted a wide range of entities, including individuals, businesses, hospitals, schools, and government agencies, extorting more than $500 million in ransom and causing billions in losses due to business disruptions and recovery efforts.
Panev’s role involved creating and maintaining the ransomware code and operational infrastructure, working alongside affiliates who carried out the attacks. He was arrested after Israeli authorities found evidence on his computer, including administrator credentials for a Dark Web repository containing the LockBit source code, as well as tools used for data exfiltration and a control panel to manage affiliate operations.
Further investigations revealed that Panev communicated with Dimitry Khoroshev, believed to be a key LockBit administrator, and received over $230,000 in cryptocurrency payments for his work. Panev admitted to writing code to disable antivirus software, deploy malware, and print ransom notes. He also provided technical support to other members of the group.
Ukraine’s police disrupt a cybercrime group engaged in fraudulent crypto activities
In a coordinated international operation, Ukraine’s cyberpolice, along with law enforcement agencies from Latvia and Germany, dismantled a transnational criminal group engaged in fraudulent cryptocurrency activities. The group, consisting of individuals from Ukraine and several EU countries, had been operating since the beginning of 2021, primarily targeting European citizens.
The criminal scheme involved advertising fake cryptocurrency “cloud mining” services, where victims were promised returns by renting computing power to generate virtual assets. In reality, the mining activities were non-existent, and the criminals created a fake online platform to deceive individuals into investing and sharing personal information. The Ukrainian authorities identified three suspects who acted as “money mules,” helping to launder the illegally obtained funds.
Latvian law enforcement discovered cryptocurrency wallets used by the criminals. The investigation revealed that a total of 154.6 bitcoins (BTC), nearly $13 million, were funneled through the wallets. At least $300,000 in damages have been confirmed thus far. The fraudulent operation affected victims in various countries, including the United States, Latvia, Israel, Malta, and Spain.
As part of the operation, Ukrainian police carried out several searches at locations connected to the suspects, while German authorities simultaneously executed searches at the residences of two group members in Germany. Multiple pieces of evidence related to the fraudulent activities were seized during the searches.
Thai police arrest retired programmer for operating Dark Web child exploitation sites and selling spyware
Thai police, in collaboration with US Homeland Security Investigations (HSI), have apprehended a German national for his involvement in running multiple Dark Web sites distributing child sexual abuse material. The arrest took place on March 5, 2025, with authorities seizing computer servers, laptops, mobile phones, storage devices, and bank accounts. Digital forensic analysis of the seized materials revealed over 140,000 illicit files.
The investigation began in December 2024 when HSI alerted Thai authorities to suspicious Dark Web activity linked to Thailand. Further investigation led to the identification of the suspect, a retired programmer who had relocated to Thailand. He had established two Dark Web sites offering over 5,000 videos, mainly featuring minors. The sites were structured on a subscription model where users had to pay in cryptocurrency (Bitcoin or Monero), with a minimum entry fee of $10. These sites had approximately 10,000 members.
After receiving payments in cryptocurrency, the suspect would transfer the funds through several digital wallets before converting them into Thai baht for personal use. During questioning, the man admitted to creating and managing the websites, leveraging the Tor network and WampServer software. In addition to running underground websites, he was also selling spyware on the Dark Web for $16.95 per month, which could monitor phone conversations, record keystrokes, capture notifications, track locations, and access files on compromised devices.
The suspect faces numerous serious charges, including possession and distribution of child sexual abuse material, importing and exporting illicit content, operating a commercial enterprise involved in exploitation, and inputting illegal computer data accessible to the public.
Suspected leader of a large-scale online fraud operation charged in Germany
A man suspected of leading a sophisticated international fraud network has been formally charged in Germany after allegedly defrauding 105 people of approximately €7.6 million ($8.3 million) through call centers and fraudulent online trading platforms.
The accused, a 42-year-old man whose identity remains undisclosed, was arrested at Larnaca Airport in Cyprus in July 2024, following an arrest warrant issued by the Bamberg district court. After being extradited to Germany in mid-August, the suspect is now in custody, awaiting trial.
Prosecutors claim the man was a key figure in a large-scale fraud operation that spanned from 2016 to 2021. The criminal network is believed to have maintained multiple call centers abroad, including locations in Israel, Serbia, and Albania.
Several of his accomplices have already been convicted and sentenced to prison terms in both Bavaria and Albania. Three years ago, a large-scale raid was carried out in the Albanian capital, Tirana, as part of the ongoing investigation into the international scam.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.