Key Highlights
- The FBI and allies seized 1,025 servers tied to crypto-stealing malware.
- Major strains taken down: Rhadamanthys, VenomRAT, Elysium.
- It is part of a wider U.S. crackdown on global scam and fraud networks.
The U.S. Federal Bureau of Investigation (FBI) and international law enforcement partners have carried out one of their largest cybercrime disruptions of the year, dismantling malware networks that have been quietly raiding crypto wallets, browser credentials, and financial accounts across the globe.
The agency announced that Operation Endgame, a multinational effort launched in May 2024, took down 1,025 servers, seized 20 domains, and led to an arrest in Greece. This marks the third major takedown tied to the ongoing initiative.
Cyber tools on target
The targets of the operation were Rhadamanthys, a commercial-grade infostealer sold as malware-as-a-service; VenomRAT, a remote access Trojan used for surveillance and credential harvesting; and Elysium, a stealth botnet known for deploying cryptomining payloads and distributing additional malware.
These tools have been at the center of a surge in crypto wallet drains, credential hijacking, and large-scale financial fraud. Rhadamanthys, in particular, is designed specifically to vacuum up seed phrases, wallet files, browser auto-fills, exchange logins, and system data, which makes it a common choice for phishing crews and Telegram-based drainer ops.
Global operation targets cybercrime networks
The FBI executed the takedown alongside authorities in Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the UK, targeting the infrastructure that cybercriminals depend on to automate attacks.
They also seized command-and-control nodes used to manage infected machines, which is expected to disrupt thousands of active malware campaigns.
A broader crackdown on crypto-driven crime
The botnet takedown follows the launch of the Scam Center Strike Force, a new U.S. initiative focused on dismantling Southeast Asian scam compounds and Chinese-linked criminal networks that deploy similar infostealers. The task force has already seized $401.6 million in crypto, filed forfeiture actions for another $80 million, and coordinated arrests in Bali and Burma.
“The impact on victims is devastating,” said FBI Deputy Assistant Director Gregory Heeb. “Our job is to stop these criminals, and with global cooperation, we will.”
What comes next
The FBI says more coordinated actions are coming as agencies shift from chasing individual hackers to dismantling the infrastructure behind global crypto crime, such as servers, domains, and distribution systems. Future phases of Operation Endgame will target malware developers, hosting providers, and botnet operators.
The agency also warns crypto users to treat any unauthorized access, drained accounts, or odd browser behavior as a sign of device compromise, and to migrate wallets and reset credentials immediately.
