Authorities pulled the plug on the Socksescort proxy empire, freezing $3.5 million in crypto and exposing a global router botnet.
U.S. and European authorities have dismantled Socksescort, a residential proxy network powered by AVRecon malware that quietly hijacked more than 369,000 devices across 163 countries. Operating since 2020, the service sold access to infected home routers, allowing criminals to disguise their IP addresses while carrying out cryptocurrency account takeovers, bank fraud, ransomware attacks and other schemes. Imagine a world where your router is a willing accomplice in your financial ruin-thankfully, someone finally made it stop.
Victims reportedly lost millions, including $1 million from a New York crypto investor and $700,000 from a Pennsylvania business. During “Operation Lightning,” officials seized 34 domains, shut down 23 servers in seven countries, froze $3.5 million in cryptocurrency payments, and disconnected thousands of infected devices from the network. The crackdown involved the U.S. Department of Justice (DOJ), FBI, IRS Criminal Investigation, Europol, Eurojus,t and several European law enforcement agencies. It’s like a global game of Whac-A-Mole, but with more legal paperwork and fewer moles.
Authorities believe evidence from seized servers could lead to additional prosecutions. Officials also warned that compromised routers remain a weak point in global cybersecurity, urging owners to update firmware, secure devices, and replace outdated hardware. Experts say dismantling the network removes a key tool used to hide ransomware operations, DDoS attacks, and crypto-related fraud carried out through residential proxy infrastructure. Because nothing says “safety” like a router that’s secretly a spy for cybercriminals.
FAQ 🔎
- What was the Socksescort proxy network? Socksescort was a residential proxy service using AVRecon malware to hijack over 369,000 routers and IoT devices for anonymous internet access. Think of it as the digital equivalent of a cloak of invisibility, but with more malware and fewer wizards.
- Who coordinated the Socksescort takedown? The DOJ, FBI, IRS-CI, Europol, Eurojust and European law enforcement agencies worked together in Operation Lightning. Because if you’re going to take down a global botnet, you might as well do it with a team that includes a few very serious people in suits.
- How much cryptocurrency was seized in the operation? Authorities froze approximately $3.5 million in cryptocurrency linked to payments to the proxy service operators. A sum so large, it could buy a small island-or at least a very fancy coffee for the entire FBI team.
- How did AVRecon infect routers worldwide? AVRecon exploited vulnerabilities in outdated or poorly secured routers, quietly adding them to a global proxy botnet. Because nothing says “I’m a security risk” like a router that’s been left unpatched since the early 2000s.
Read More
- Building 3D Worlds from Words: Is Reinforcement Learning the Key?
- Spotting the Loops in Autonomous Systems
- The Best Directors of 2025
- 2025 Crypto Wallets: Secure, Smart, and Surprisingly Simple!
- 20 Best TV Shows Featuring All-White Casts You Should See
- Mel Gibson, 69, and Rosalind Ross, 35, Call It Quits After Nearly a Decade: “It’s Sad To End This Chapter in our Lives”
- Umamusume: Gold Ship build guide
- Uncovering Hidden Signals in Finance with AI
- Gold Rate Forecast
- TV Shows That Race-Bent Villains and Confused Everyone
2026-03-15 01:03