Particle.news

Global Takedown Disrupts SocksEscort Proxy Botnet in Operation Lightning

Seized infrastructure now feeds investigations into operators, customers, downstream fraud.

Overview

  • Authorities seized 34 domains and 23 servers across seven countries and froze $3.5 million in cryptocurrency, with infected routers disconnected from the service.
  • SocksEscort sold access to traffic routed through malware‑infected home and small‑business routers, relying on the AVrecon malware that targets roughly 1,200 device models, according to the FBI.
  • The service offered access to about 369,000 IP addresses since 2020 and listed roughly 8,000 infected routers in February 2026, including around 2,500 in the United States.
  • Researchers reported an average of about 20,000 infected devices weekly over recent years and observed 280,000 unique victim IPs since early 2025, with more than half in the U.S. and U.K.
  • Europol estimates the payment platform took in around €5 million in crypto, the FBI cited roughly 124,000 users, and DOJ detailed losses including $1 million stolen from a New York crypto customer, $700,000 from a Pennsylvania manufacturer, and $100,000 tied to Military Star cards.