A US federal contractor accused of stealing $46 million in cryptocurrency has been arrested in the Caribbean, according to the Federal Bureau of Investigation (FBI).

Authorities detained John Daghita on the island of Saint Martin following a joint operation involving the FBI and France’s elite Groupe d'Intervention de la Gendarmerie Nationale (GIGN). Police officers also seized an undisclosed amount of cash in $100 bills, as well as multiple hard drives and security keys during the operation.

The suspect, who allegedly used the online handle “Lick,” is the son of the president and CEO of a Virginia-based firm that assisted the US Marshals Service in managing and disposing of seized digital assets since October 2024. Some of the assets were reportedly connected to the notorious 2016 Bitfinex hack, one of the largest cryptocurrency thefts in history, that resulted in the loss of about 120,000 bitcoins.

The case first surfaced publicly in January 2026 when a blockchain investigator traced $23 million in movements from wallets linked to assets held by the US Marshals Service. According to the FBI, the transactions were connected to addresses associated with Daghita.

According to the investigator, the suspect accidentally exposed himself during a dispute with another threat actor in a recorded private Telegram conversation. During the exchange, Daghita allegedly demonstrated how he can move large amounts of cryptocurrency between wallets in real time. Further blockchain analysis linked the wallets to government-seized funds from the Bitfinex case.

Russian man pleads guilty in Phobos ransomware scheme

A Russian man has pleaded guilty in the United States for his role in running the Phobos ransomware cybercrime operation. Evgenii Ptitsyn, 43, admitted to a wire fraud conspiracy charge related to helping manage the ransomware service, which targeted organizations around the world.

The malware is part of the Crysis ransomware family and has been spread through many criminal partners. The US Department of Justice said the group collected more than $39 million in ransom payments from over 1,000 victims, including schools, hospitals, and government agencies.

Ptitsyn was extradited from South Korea to the United States in November 2024. Prosecutors say he oversaw the sale and distribution of the ransomware to affiliates through a Dark Web website and criminal forums. The affiliates broke into victims’ networks using stolen login credentials, stole data, and locked files with ransomware before demanding payment. Victims were sometimes threatened with having their data leaked online if they refused to pay.

According to court documents, affiliates paid Ptitsyn a fee for decryption keys and he also took a share of ransom payments. He is scheduled to be sentenced on July 15 and faces up to 20 years in prison.

Another suspected Phobos affiliate was arrested in Poland in February of this year as part of “Operation Aether,” an international law enforcement initiative targeting the infrastructure and affiliates of the Phobos ransomware network.

Spanish police dismantle network exploiting Ukrainian women in online gambling fraud

Police in Spain have dismantled a criminal organization involved in exploiting vulnerable Ukrainian women and using stolen identities to defraud online gambling platforms. The operation led to the arrest of a total of 12 suspects.

The group recruited at least 55 women from war-affected areas of Ukraine. After bringing them to Spain, the organization arranged housing and helped them obtain temporary protection status. The women were then taken to banks to open accounts and receive credit cards that were then used to move illegal profits.

Authorities allege the organization operated a computer fraud system using automated programs, or “bots,” to place thousands of simultaneous bets at low odds on gambling platforms. The scheme used identities stolen from more than 5,000 people across 17 different nationalities, allowing the group to create multiple betting accounts and generate what appeared to be legitimate winnings.

According to authorities, the network generated nearly €4.75 million through the operation. The money was transferred to bank accounts opened in the names of the recruited women or to accounts controlled by the suspects in Spain and abroad.

In coordinated raids across Spain, police searched nine properties in Alicante and Valencia, seizing more than €200,000 in cryptocurrencies, €73,000 in cash, four high-end vehicles, 88 mobile phones, 20 computers, and 22 automated betting bots. Authorities also froze 10 properties worth over €2 million and bank accounts in Spain and 10 other countries containing more than €470,000.

Former DCF IT worker indicted for allegedly leaking confidential case info for bribes

A former employee of the New Jersey Department of Children and Families has been indicted for allegedly accepting bribes in exchange for confidential information from a child welfare case file. Susaida Nazario, 44, was charged with four criminal counts tied to the alleged misuse of sensitive state records.

Prosecutors say Nazario worked as a technical assistant in the agency’s Information Technology Division in Trenton between January and August 2021. During that time, she allegedly accessed a confidential case file connected to the Division of Child Protection & Permanency, the branch responsible for investigating child abuse and neglect.

According to the indictment, Nazario allegedly posed as a DCF caseworker when communicating with a person involved in the case. Authorities say she then requested and accepted money from that individual in exchange for assistance, including offering to disclose confidential details from the case file.

Nazario faces charges of bribery in official and political matters, acceptance of an unlawful benefit by a public servant, official misconduct, and theft by deception. The first three counts are second-degree offenses, each carrying a potential sentence of five to 10 years in prison and fines of up to $150,000. The theft by deception charge is a third-degree offense, punishable by three to five years in prison and a fine of up to $15,000.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Germany and France dismantle online banking fraud group

German and French authorities have dismantled a criminal group suspected of running an online fraud scheme that targeted victims in Germany and caused losses of around €1 million.

During a joint action day on 10 March, law enforcement officers arrested three suspects, including the alleged leader of the group located in France. After an arrest warrant was issued, he was brought before a French judge and placed in custody. The Chamber of Instruction will now decide whether he will be handed over to the German authorities.

Searches were also carried out in Germany and France during the operation. Authorities seized several assets, including cryptocurrencies and jewelry believed to be linked to the fraud.

According to authorities, the group used phishing emails to steal login details for online banking and gain access to victims’ mobile phones. They were then able to bypass additional security checks needed to transfer or withdraw money. The stolen funds were moved to fake cryptocurrency accounts and hidden to make them harder to trace. Investigations are still ongoing.