Interpol Operation HAECHI VI Recovers $439 Million From Global Cybercrime Networks

Between April and August 2025, law enforcement agencies across 40 countries coordinated a five-month action codenamed Operation HAECHI VI, recovering about $439 million in cash and cryptocurrency and disrupting criminal infrastructure that fueled thousands of scams and frauds worldwide.

The operation combined traditional financial investigations with targeted cyber-forensics to follow illicit money rails from victim payouts into bank accounts, crypto wallets and shell companies. Interpol reported that investigators froze roughly 68,000 bank accounts and seized close to 400 cryptocurrency wallets while dismantling platforms that supported voice-phishing mills, investment fraud rings, online sextortion networks, business-email-compromise (BEC) gangs, romance-scam operations and illegal gambling money-laundering schemes. Read Interpol’s operational summary for a full breakdown of participants and recovered assets: Interpol: USD 439 Million Recovered in Global Financial Crime Operation.

“As one of INTERPOL’s flagship financial crime operations, HAECHI is a prime example of how global cooperation can protect communities and safeguard financial systems,” said Theos Badege, head of INTERPOL’s Financial Crime and Anti-Corruption Centre, calling for wider participation from member countries.

Modus Operandi, Money Flows and Technical Tactics

How the frauds converted small losses into massive proceeds

HAECHI VI targeted a blend of high-volume social-engineering scams and tailored financial frauds. Typical modes of operation observed by investigators included:

• Voice-phishing (vishing) mills that social-engineered victims into authorizing transfers or revealing credentials;
• Investment and advance-fee frauds where victims were induced to send wire transfers or crypto to fake trading platforms;
• Business Email Compromise (BEC) schemes that used spoofed invoices and vendor impersonation to redirect corporate payments; and
• Money-laundering chains that combined fiat bank accounts, prepaid cards, crypto mixers and cross-border cash couriers to obfuscate provenance.

Investigators leveraged blockchain analytics to trace crypto proceeds through mixers, bridges and decentralized finance rails, while banking partners provided transactional telemetry to identify suspicious payout patterns and bulk account changes. High-profile takedowns included a Portuguese case where 45 suspects were arrested for hijacking social-security disbursements, and a Royal Thai Police seizure of $6.6 million linked to fraudulent transfers from a large Japanese corporation into accounts controlled by a transnational crime syndicate.

Technical indicators and investigative techniques used

• Clustered victim-payment signatures: repeated small transfers from many victims funnelled into aggregation accounts before bulk cash-outs.
• Rapid account churn: newly created accounts used briefly for cash-outs then discarded—detected via KYC anomaly scoring.
• Cross-channel laundering: fiat → crypto → mixer → cross-chain bridge → cashout locations, tracked with chain-analysis heuristics.
• Social engineering telemetry: call center-style dialer infrastructure and scripted vishing playbooks identified through telecom and call-detail-record analysis.

Risk Implications and Comparative Context

Operation HAECHI VI is the latest in a sequence of Interpol-coordinated actions: HAECHI V (2024) recovered roughly $400 million and led to about 5,500 arrests, while HAECHI IV (2023) seized around $300 million—illustrating a sustained, iterative disruption strategy against large, distributed fraud ecosystems. These results show criminal models have evolved to monetize massive numbers of small losses and to exploit jurisdictional fragmentation to launder proceeds. For program context and historical outcomes, see Interpol’s HAECHI program overview and previous results: Interpol Financial Crime Initiatives.

The strategic risks are clear: criminals profit from scale (many low-value victims), exploit crypto’s pseudonymity and exploit slow cross-border legal processes to hide proceeds. Financial institutions, payment platforms and vulnerable populations (seniors, non-native speakers, beneficiaries of welfare programs) remain primary targets.

Actionable Remediation Advice — For Banks, Governments and Consumers

For financial institutions and payment processors

1. Deploy behavioral analytics that detect anomalous beneficiary changes, bulk payout edits and mass account-linking events.
2. Implement rapid freeze channels with correspondent banks and card networks to stop suspicious outgoing chains.
3. Integrate blockchain-forensics feeds into SIEM and AML workflows to detect mixing/migration patterns early.
4. Tighten onboarding and dual-approval controls for high-risk payment changes (out-of-band verification, multi-signatures).

For government agencies and benefit administrators

1. Require dual authorization and multi-factor verification for changes to direct-deposit details, particularly for welfare payments.
2. Run continuous reconciliation between disbursement records and beneficiary confirmations; flag large divergence rates.
3. Offer targeted education to vulnerable recipients about vishing and authorized channels for changes.

For consumers and victims

1. If you suspect fraud, contact your bank immediately to request transaction freezes and reversals; preserve call logs and message screenshots.
2. Enable MFA on financial and email accounts; avoid password reuse that enables credential stuffing.
3. Report scams to local authorities and Interpol’s national contact point; use consumer reporting channels to build the intelligence picture that enables takedowns.

Strategic Takeaways and What To Monitor Next

1. Policy and cooperation: sustained disruption requires faster cross-border legal processes and standardized emergency freeze mechanisms across correspondent-banking networks.
2. Criminal adaptation: expect greater use of privacy-enhancing coins, chain-hopping, and DeFi bridges to complicate tracing; monitor for new laundering “recipes.”
3. Public-private sharing: timely intelligence sharing between law enforcement, banks, telcos and blockchain analytics firms remains the most effective countermeasure.

Interpol’s HAECHI series demonstrates that coordinated, repeatable multinational operations can materially degrade fraud ecosystems—recovering hundreds of millions while producing large arrest counts. But these operations also reveal structural weaknesses that criminal networks continue to re-engineer, underlining the need for continual technical, legal and operational adaptation.