TL;DR
- U.S. authorities, in collaboration with Microsoft, Europol, and Japan, have taken down five domains used to distribute the LummaC2 malware, which specializes in stealing cryptocurrency and banking credentials.
- The FBI estimates over 10 million infections worldwide.
- Microsoft also blocked more than 2,300 additional domains tied to the same criminal network, marking a strong blow to global financial cybercrime.
The U.S. Department of Justice (DOJ) has announced the seizure of five domains used to distribute LummaC2, a sophisticated piece of malware created to steal crypto wallet seed phrases, bank login credentials, and other sensitive data. The joint effort involving the FBI, Europol, Japan, and Microsoft represents a major international move to dismantle one of the most prolific data-theft operations of recent years.
LummaC2 is far from just another virus. Under a “malware-as-a-service” model, its developers sold monthly subscriptions for up to $1,000 through underground forums, allowing even low-skilled cybercriminals to launch devastating attacks. The FBI estimates losses of more than $36.5 million in credit card theft alone during 2023, and Microsoft detected nearly 400,000 infected devices between March and May 2025.
Investigators also revealed that LummaC2 could bypass multiple layers of security, including two-factor authentication tokens, a particularly alarming capability for cryptocurrency users and decentralized exchange platforms that rely on strong digital protections.
Crypto Under Attack, But Also Under Protection
Unlike narratives that blame the crypto ecosystem for enabling crime, this case reinforces a proactive perspective: decentralized technologies are being targeted precisely because of their value and independence. Cybercriminals are no longer just chasing banks; they now go after the private keys and seed phrases that grant access to self-managed digital assets.
This coordinated takedown proves that the tech industry and governments can mount an effective response. Microsoft carried out an independent civil action that eliminated over 2,300 additional domains, seriously disrupting LummaC2’s infrastructure. It was also revealed that this malware was being used to extort schools, block critical services, and drain bank accounts with remarkable efficiency.
A Win for Crypto Security
The fall of LummaC2 marks a significant victory for cryptocurrency users. Rather than demonizing digital assets, this operation proves that the real issue is malware, not the coins themselves. More importantly, it shows that legal, technical, and international tools exist to defend the ecosystem.
This joint action didn’t just dismantle a criminal network. It also sent a clear message: with the right support, the crypto world can become a safer space for millions of users around the globe.