Cybercrime remains a booming business. 

Annual cybercrime losses amounted to almost $20.9 billion last year, reflecting a 26% increase from 2024, the FBI’s Internet Crime Complaint Center (IC3) said in its annual report Tuesday.

The comprehensive study exposes a worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction and compounding at an alarming rate. Annual cybercrime losses have jumped almost 400% from $4.2 billion in 2020, and cumulative losses in that five-year period surpassed $71.3 billion.

The FBI’s IC3, which formed as the country’s central hub for cybercrime reporting in 2000, is busier than ever. “We now average almost 3,000 complaints per day,” Jose Perez, the FBI’s operations director for its criminal and cyber branch, wrote in the report. 

The annual internet crime report highlights growing and sustaining trends. Yet, the scope of the study is limited and relies entirely on cybercrime incidents submitted to the FBI. 

The full impact of cybercrime remains murky, as an unknown number of victims suffer in the shadows and never report the crimes they endure.

The FBI received more than 1 million complaints last year, with victims aged over 60 reporting the largest amount of crimes that also resulted in the greatest amount of total losses by age group. Victims at least 60 years old filed 201,000 complaints with losses totaling nearly $7.75 billion, or about 37% of all cybercrime-related losses last year.

Investment-related fraud remained the largest component of cybercrime losses in 2025, reaching almost $8.65 billion. Business email compromise took the No. 2 spot with almost $3.05 billion in losses, followed by tech support scams at more than $2.1 billion. 

Cryptocurrency was the primary conduit for fraud linked to investment and tech support scams last year, while wire transfers composed the bulk of fraud resulting from business email compromise, according to the report.

Phishing was the most commonly reported type of cybercrime last year, followed by extortion, investment scams and personal data breaches. The FBI tallied losses amounting to $122.5 million from extortion and $32.3 million from ransomware last year.

The FBI also received more than 75,000 reports of sextortion last year, including more than 5,700 submissions that were referred to the National Center for Missing and Exploited Children.

The top five cyber threats reported to IC3 in 2025 included data breaches at 39%, ransomware at 36%, SIM swapping at 10%, malware at 9% and botnets at 7%. 

The FBI received more than 3,600 complaints reporting ransomware last year. The five most reported variants included Akira, Qilin, INC, BianLian and Play.

Each of the 16 critical infrastructure sectors reported ransomware attacks last year, and the most heavily targeted included health care, manufacturing, financial services, government and IT.

The IC3 primarily receives complaints from U.S. residents and businesses, but it also received complaints from more than 200 countries last year, which accounted for nearly $1.6 billion in total losses. 

While losses and the sheer amount of cybercrime continued to climb last year, “the FBI continues to disrupt and deter malicious cyber actors — and shift the cost from victims to our adversaries,” Perez wrote in the report.

“It has never been more important to be diligent with your cybersecurity, social media footprint, and electronic interactions,” he added. “Cyber threats and cyber-enabled crime will continue to evolve as the world embraces emerging technologies such as artificial intelligence.”

The post Cybercrime losses jumped 26% to $20.9 billion in 2025 appeared first on CyberScoop.

European authorities shut down and seized the assets of Cryptomixer, a cryptocurrency mixing service that allegedly facilitated more than $1.5 billion in money laundering for cybercriminals and other illegal activity, Europol said Monday. 

The weeklong operation, part of “Operation Olympia,” netted the seizure of nearly $28 million in Bitcoin, three servers in Switzerland, the cryptomixer.io domain and more than 12 terabytes of data, officials said. The site currently displays a seizure notice, warning that anyone using or operating cybercriminal services is subject to investigation and prosecution. 

The takedown is part of a broader global law enforcement effort to disrupt, confiscate and obtain additional information on the various services cybercriminals rely upon and the individuals leading these operations. 

Cryptomixer, which was accessible on the clear and dark web, mixed more than $1.5 billion in Bitcoin through its infrastructure since its founding in 2016, according to Europol. Officials described the mixing service as “the platform of choice” for cybercriminals and various crimes, including ransomware, payment card fraud, and drugs and weapons trafficking. 

“Deposited funds from various users were pooled for a long and randomised period before being redistributed to destination addresses, again at random times,” Europol said. “Mixing services such as Cryptomixer offer their clients anonymity and are often used before criminals redirect their laundered assets to cryptocurrency exchanges.”

North Korean-linked Lazarus Group used Cryptomixer and similar services before it shifted to high-volume attacks, according to TRM Labs. Lazarus Group stole $1.46 billion in Ethereum from Bybit in February and laundered $160 million within two days of the attack. 

“North Korea now appears to prioritize speed and automation over traditional anonymity,” researchers said in the wake of the largest cryptocurrency theft on record.

Officials also referenced the 2023 takedown of ChipMixer, the largest mixing service at that time, as an example of law enforcement agencies’ sustained effort to target cryptocurrency mixing services. ChipMixer was allegedly responsible for more than $3 billion in transactions since it began operations in 2017.

The Cryptomixer shutdown drew support from Europol, Eurojust and multiple law enforcement agencies from Germany and Switzerland.

The post Authorities take down Cryptomixer, seize $28M in Switzerland appeared first on CyberScoop.

The Justice Department notched a few more wins in the fight against North Korean cryptocurrency heists and the regime’s expansive scheme to get remote IT workers hired at U.S. businesses. 

Officials’ countermeasures to these schemes, which ultimately launder ill-gotten money to North Korea’s government, involve the targeting of U.S.-based facilitators who provide forged or stolen identities and laptop farms for North Korean operatives, and the seizure of cryptocurrency linked to theft. Law enforcement wins on both fronts are stacking up.

Oleksandr Didenko, a 28-year-old Ukrainian national, pleaded guilty to wire fraud conspiracy and aggravated identity theft in the U.S. District Court for the District of Columbia Monday for stealing the identities of U.S. citizens and selling them to overseas IT workers. His years-long scheme helped North Korean IT workers gain employment at 40 U.S. companies, officials said. 

Didenko ran a site, upworksell.com, to sell stolen identities and paid co-conspirators to receive and host laptop farms in Virginia, Tennessee and California, according to court records. Didenko managed up to 871 identities through the laptop farms and collaborated with other co-conspirators in the United States.

In late 2023, following a request from one of his customers, Didenko sent a computer to a laptop farm run by Christina Chapman in Arizona, officials said. Chapman was arrested in May 2024 and sentenced to 102 months in prison for participating in the scheme.

Didenko’s site was seized following Chapman’s arrest. In late 2024, he was arrested by Polish police later extradited to the United States. Didenko agreed to forfeit more than $1.4 million, and his sentencing is scheduled for Feb. 19, 2026.

Justice Department officials applauded other recent court case wins, demonstrating the arduous work required to find and punish those who facilitate the North Korean remote IT worker scheme.

Three U.S. nationals — Audricus Phagnasay, 24, Jason Salazar, 30, and Alexander Paul Travis, 34 — each pleaded guilty to wire fraud conspiracy in the U.S. District Court for the Southern District of Georgia Thursday for providing U.S. identities to remote North Korean IT workers. 

The trio hosted U.S. company-provided laptops at their homes and installed remote-access software so the North Korean operatives could appear to be working in the country. The group also helped remote IT workers pass employer vetting and, in the case of Travis and Salazar, took drug tests on behalf of the North Koreans, officials said.

The scheme supported by the three men facilitated about $1.28 million in salary from victim U.S. companies from September 2019 through November 2022. Yet, the financial cuts for their assistance was relatively low. Travis, an active-duty member of the U.S. Army at the time, received about $51,000 while Phagasay and Salazar each pocketed about $3,500 and $4,500, respectively.

Last week, another U.S. national, 30-year-old Erick Ntekereze Prince, pleaded guilty to wire fraud conspiracy in the U.S. District Court for the Southern District of Florida for his yearslong involvement in the North Korean IT worker scheme. Prince’s company Taggcar was contracted to supply IT workers to victim U.S. companies from June 2020 through August 2024.

Officials said Prince earned more than $89,000 from the scheme, which also involved hosting company-provided laptops at Florida residences and installing remote-access software. Prince was indicted and charged in January along with his alleged co-conspirators, who collectively obtained work for North Korean IT workers at 64 U.S. companies, earning nearly $950,000 in salary payments.

The five people who pleaded guilty during the past week impacted more than 136 U.S. victim companies, officials said. Their crimes generated more than $2.2 million for North Korea’s regime and compromised the identities of at least 18 U.S. residents. 

“These actions demonstrate the department’s comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans,” John A. Eisenberg, assistant attorney general for national security, said in a statement. “The department will use every available tool to protect our nation from this regime’s depredations.”

Finally, the Justice Department said it seized more than $15 million in cryptocurrency from APT38, a nation-state hacking group with ties to North Korea. Officials said the seized funds were traced to four separate virtual currency heists in 2023.

The post DOJ lauds series of gains against North Korean IT worker scheme, crypto thefts appeared first on CyberScoop.