FBI, Indonesia dismantle W3LL phishing network tied to $20M
FBI Atlanta and Indonesian police seized servers linked to more than $20 million in fraud attempts and detained an alleged developer on April 13, 2026.
On April 13, 2026, the FBI Atlanta Field Office and the Indonesian National Police announced they had dismantled the W3LL phishing network, seized servers and other infrastructure tied to more than $20 million in suspected fraud attempts and detained an individual in Indonesia alleged to have developed the phishing kit. The U.S. Attorney’s Office for the Northern District of Georgia supported the case.
The W3LL tool operated as a phishing-as-a-service kit sold on an underground marketplace called W3LLSTORE for about $500. Buyers could build fake login pages that closely mimicked real websites and deploy an adversary-in-the-middle technique that captured passwords and authentication tokens as victims logged in.
Captured authentication tokens allowed attackers to access accounts even when victims used multi-factor authentication. Investigators estimate roughly 500 distinct threat actors used the kit to run campaigns against consumers and online services.
Investigators reported that between 2019 and 2023 W3LLSTORE facilitated the sale of more than 25,000 stolen credentials. After that marketplace was shut down, operators shifted distribution to encrypted messaging apps and continued offering a rebranded version of the kit. From 2023 to 2024 the tool targeted more than 17,000 victims worldwide, according to agency findings.
Authorities seized key infrastructure components linked to the reported fraud attempts. Officials did not release the detained person’s name while the investigation continues. The agencies intend to identify victims, trace stolen funds and pursue cross-border legal steps.
The takedown coincided with an announcement of a Major Defense Cooperation Partnership between the United States and Indonesia on April 13 that covers military modernization, professional education and joint exercises across the Indo-Pacific. U.S. and Indonesian officials characterized the law enforcement action as part of broader bilateral cooperation on security, including cyber crime.
Industry figures show crypto investors lost more than $300 million to phishing in January 2026. Prosecutors and investigators expect removing W3LL infrastructure will disrupt active fraud campaigns while work continues to identify victims and coordinate international responses.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
