Interpol Infostealer Malware Crackdown Leads to 32 Arrests

decrypt.co


Police forces around the world have made 32 arrests as part of a major operation cracking down on infostealer malware led by Interpol. Operation Secure saw law enforcement agencies from 26 countries work to locate the servers, map physical networks and ultimately execute the targeted takedowns, according to a statement released by Interpol.

20,000 malicious IPs and domains taken down in #INTERPOL infostealer crackdown
During Operation Secure law police from 26 countries worked to locate servers, map physical networks and execute targeted takedowns arresting 32 suspects linked to illegal cyber activities.
— INTERPOL (@INTERPOL_HQ) June 11, 2025

More than 20,000 IPs and domains were taken down as part of the operation, and over 100GB of data seized across 41 servers. The takedown reportedly neutralized 79% of the suspicious IP addresses identified by Interpol, with assistance from private sector partners including Kaspersky, Trend Micro and Group-IB.

The sweep saw 18 suspects arrested in Vietnam, 12 in Sri Lanka and a further two in Nauru. In the Vietnam arrests the group leader was found with over VND 300 million ($11,500) in cash.

In a statement, Neal Jetton, Interpol’s Director of Cybercrime, said that the operation “has once again shown the power of intelligence sharing in disrupting malicious infrastructure and preventing large-scale harm to both individuals and businesses.”

What are infostealers?

Infostealer malware is typically used to infiltrate organizational networks in order to steal browser credentials, cookies, passwords, credit card details and cryptocurrency wallet data. Logs harvested by infostealers are increasingly being traded on the cybercriminal underground to enable further attacks. These include ransomware, data breaches, fraud schemes and more.

Following Operation Secure, the authorities notified over 216,000 victims and potential victims to take immediate action to secure themselves. This includes changing passwords, freezing accounts and removing unauthorized access.

Speaking to Decrypt, Dmytro Yasmanovych, Compliance Services Lead at blockchain security auditor Hacken, praised the operation but warned that infostealer networks are “highly resilient—reconstituting infrastructure via bullet-proof hosting and fast-rotating domains.”

Yasmanovych noted that for Web3 organizations, compliance alone isn’t enough. “Effective defense requires a fusion of robust endpoint hardening, continuous on-chain and off-chain monitoring, and real-time threat-intelligence sharing,” he said. “Only through this multilayered, proactive posture can the industry stay ahead of rapidly evolving infostealer campaigns targeting crypto wallets and private keys.”

Hacken’s Senior Blockchain Protocol Security Auditor Ali Ashar added that, “To convert this win into lasting disruption, momentum needs to continue,” pointing to the importance of “timely victim alerts, ongoing public-private intel sharing, and follow-up enforcement.”

https://decrypt.co/324832/interpol-infostealer-malware-crackdown-leads-to-32-arrests?utm_source=CryptoNews&utm_medium=app