Europol, in coordination with Latvian authorities, has taken down a sophisticated crypto-phishing ring that operated a large-scale SIM-box infrastructure and created more than 49 million fake online accounts, according to multiple cybersecurity outlets.
The operation – nicknamed “SIMCARTEL” – relied on about 1,200 SIM-box devices and 40,000 active SIM cards to rent phone numbers across 80+ countries. These devices supported the creation of fake accounts used in various scam campaigns, including crypto-investment fraud, phishing attacks, and impersonation schemes.
Authorities linked the network to over 1,700 cases in Austria and 1,500 in Latvia, with confirmed losses of around $5.7 million in the initial investigation.
Although seized assets include approximately $333,000 in cryptocurrencies along with luxury vehicles and hardware, officials warn that the full scale of fraud is likely much larger.
The fraudsters built access-as-a-service tools: They rented out SIM numbers, enabling clients to bypass two-factor authentication (2FA) and open legitimate-looking accounts to carry out phishing, smishing, and impersonation scams. These tools were also used for money-laundering duties, making them attractive to a wide range of criminals.
Why It Matters
This bust sheds light on how crypto-related fraud is increasingly intertwined with telecommunication infrastructure. With criminals automating fake-account creation and weaponizing rented phone numbers, the risk to consumers and platforms grows significantly. For crypto investors and platforms alike, the operation serves as a cautionary tale of how complex the attack surface has become.