In a large-scale joint operation by the US Department of Justice (DOJ) and Europol, the international proxy network SocksEscort, which had been active for approximately 15 years, was taken down. For many years the network served as an important tool for both cryptocurrency-related fraud and other cyber attacks, providing cybercriminals with anonymity.
Scope of the Proxy Network and Methods Used
SocksEscort compromised more than 369 thousand devices worldwide, taking control of a range of hardware including routers and IoT devices. The devices were infected with the AVRecon malware, and their clean IPs were rented to cybercriminals over the managed network. This infrastructure provided a great advantage, especially to people who wanted to bypass the fraud detection mechanisms of financial institutions and cryptocurrency exchanges.
As a result of the operation, carried out in cooperation with 8 countries including France, Germany and the Netherlands, 23 servers were disabled and 34 domain names were seized. It was reported that SocksEscort’s total income over the years was approximately 5.8 million dollars.
The details of the disabled servers and blocked accounts reflect long technical monitoring and coordination by law enforcement in different countries. While 3.5 million dollars' worth of cryptocurrency was seized within the scope of the operation, it was stated that a victim in New York lost approximately 1 million dollars after his account was compromised through this network.
Reflections on Crypto Exchanges and Users
Before its collapse, SocksEscort had over 124 thousand registered users, and it served to make those users' traffic look legitimate to exchanges. With the seizure of the servers, it became easier for security authorities to access past transaction records in the system.
According to statements by FBI Cyber Crimes Department Deputy Director Jason Bilnoski, the identities of thousands of people who used SocksEscort have been established. It was emphasized that the database in question may form the basis for a chain of arrests in the future.
Bilnoski also stated that with the collapse of SocksEscort, thousands of users were now in a position to hide, and that large-scale new cases are expected to be filed.
Regulatory authorities are preparing to tighten traffic verification practices on crypto exchanges. Exchanges will have to question more clearly whether user traffic is coming from a real internet service provider or from botnet infrastructure. This approach to improving compliance could lead to higher security standards across the industry.
While the closure of SocksEscort is seen as a serious blow to criminals who depended on this infrastructure, it also stands out as the beginning of a new era in the traceability of related cryptocurrency transactions.
