INTERPOL MENA Cybercrime Sweep Arrests 201, But Crypto Link Remains Unconfirmed

INTERPOL’s first large-scale cybercrime operation across the MENA region has led to 201 arrests, the identification of 382 additional suspects and the discovery of 3,867 victims. Operation Ramz ran from October 2025 to February 28, 2026, with 13 countries working together to disrupt malicious infrastructure, identify suspects and prevent additional losses.

The sweep targeted the infrastructure behind phishing, malware and online financial scams rather than a single named platform or token. Authorities seized 53 servers and shared nearly 8,000 pieces of data and intelligence across participating countries, giving investigators material to pursue device compromises, phishing kits, banking-data theft and organized fraud networks. INTERPOL Cybercrime Director Neal Jetton said the operation showed why cross-border coordination is needed when cybercriminals exploit the digital landscape “without borders.”

The strongest crypto-adjacent detail came from Jordan, where police located a computer allegedly used to run financial fraud scams. Victims were pushed into investing through what appeared to be a legitimate trading platform before the platform shut down after deposits. INTERPOL did not say those deposits were made in crypto, stablecoins or through exchanges, but the fake-platform model is familiar across investment-fraud cases that often target digital-asset users.

Crypto Link Is Not Confirmed, But The Fraud Pattern Is Relevant

The release does not place cryptocurrency at the center of Operation Ramz. It names phishing, malware, financial fraud, compromised devices, banking data and fake trading infrastructure, but it does not identify crypto wallets, blockchain addresses, stablecoin flows, exchange accounts or digital-asset laundering channels. CryptoAdventure contacted INTERPOL to ask whether investigators identified any crypto-linked payment rails, wallets or exchange activity connected to the operation. No response had been received by publication time.

Operation Ramz remains a cybercrime case first, with no disclosed crypto money trail so far. Its relevance to digital-asset users comes from the mechanics behind the alleged fraud: fake investment dashboards, phishing links, malware, impersonated support agents and deposit funnels that can push victim funds beyond recovery before investigators can trace the full payment chain.

The Jordan case also exposed a human-trafficking layer behind the fraud. Fifteen people found carrying out the alleged scams were assessed by investigators as trafficking victims recruited from Asian countries under false employment promises. Their passports were confiscated after arrival, and they were forced or coerced into participating in the operation. Two people suspected of orchestrating the scheme were arrested.

Enforcement Focus Moves Toward Servers, Recruiters And Scam Infrastructure

Operation Ramz fits a broader enforcement shift away from isolated online scammers and toward the systems that keep fraud networks running. Algeria dismantled a phishing-as-a-service website and seized hardware containing phishing software and scripts. Moroccan authorities seized computers, smartphones and external drives containing banking data and phishing tools. Oman disabled a vulnerable private server containing sensitive information to prevent additional harm.

That infrastructure-first approach is especially relevant as global crypto scam-center crackdowns increasingly target recruiters, call-center managers, payment handlers, domains, servers and laundering routes rather than only the front-facing accounts used to contact victims. Operation Ramz has not confirmed a crypto payment trail, but its fake trading platform, seized servers and phishing tools sit close to the same machinery often used to drain retail investors.