Feds Bust Malware Ring Targeting Crypto Wallets
The U.S. Justice Department has seized domains linked to major info-stealer malware
Tools like Raccoon and Vidar were used to drain crypto wallets and exchange accounts
Global operation dismantled platforms offering malware-as-a-service to cybercriminals
The U.S. Justice Department (DoJ) has led a major international takedown of domains used to distribute information-stealing malware that targeted cryptocurrency users. The malware—marketed under names like Raccoon, Lumma, and Vidar—was designed to harvest credentials, including crypto wallet seed phrases and exchange login details. The operation, supported by global law enforcement, dealt a blow to the malware-as-a-service ecosystem enabling mass theft of digital assets.
Malware Stole Keys, Seed Phrases, and Exchange Logins
The seized infrastructure was part of a thriving underground business that sold ready-to-use malware tools to cybercriminals. These malware strains were built to extract sensitive data from infected devices, including browser-saved passwords, private keys, and authentication tokens used in crypto trading apps and wallets.
The DoJ published a press release in which Principal Deputy Assistant Attorney General Nicole M. Argentieri explained the purpose of the malware:
“These malware services were designed to be user-friendly, allowing even novice cybercriminals to deploy powerful tools capable of stealing massive volumes of personal data. Much of that data came from cryptocurrency wallets and accounts.”
Crypto users were particularly vulnerable due to the irreversible nature of crypto transactions and the use of decentralized wallets. Once seed phrases or private keys were extracted, funds could be drained without recourse.
Crypto Theft Fueled by Malware-as-a-Service
The operation targeted platforms that enabled non-technical criminals to launch widespread malware campaigns through phishing emails, fake software downloads, and malicious ads. Infected machines were scanned for any crypto-related files or browser-stored credentials, which were then sent back to attackers’ command-and-control servers. FBI Cyber Division Assistant Director Bryan Vorndran warned that “The crypto community has been a consistent target for this type of malware.” In many cases, the stolen crypto was quickly laundered through mixing services or moved across multiple wallets to obscure its origin.
The bust was made possible through cooperation with Europol and cybercrime agencies in Australia, Canada, the UK, Germany, and the Netherlands. The DoJ noted that additional targets are under investigation and urged potential victims to use resources like Have I Been Pwned to check if their credentials had been exposed.
The post Feds Bust Malware Ring Targeting Crypto Wallets appeared first on FullyCrypto.
Filed under: Bitcoin - @ May 22, 2025 8:20 am