Fraud of the Month: Major Fraud & Cyber Crime Cases in January 2026

The post-holiday period has become a key moment for uncovering fraud, as investigations conclude, indictments are filed, and breaches come to light after the year-end slowdown. January often brings a surge in reported scams, and also in disclosures, arrests, and enforcement actions tied to activity that may have unfolded months—or even years—prior.

This January alone, authorities and security teams revealed cases ranging from a €700 million cryptocurrency laundering network dismantled by Europol, to a $26 million DeFi exploit—alongside smaller but telling cases.

In this article, we bring you the latest scams, cybercrime, fraud news, and fraud investigations happening in January 2026.

Cybercrime & fraud in January 2026

A few prominent headlines appeared in the news globally during this month. Let’s take a look at the most striking cases:

💸Crypto money laundering scam network takedown

European law enforcement, together with Europol and other agencies, has shut down a large crypto fraud and money-laundering ring that moved over €700 million in illegal funds. The operation involved raids in Cyprus, Germany, Spain, Belgium, Bulgaria, and Israel. Authorities focused on fake cryptocurrency investment platforms that deceived thousands of people with false promises of high returns. Criminal call centers pressured victims into sending more money, which was then stolen and laundered through a complicated network of exchanges and blockchains. 

Authorities arrested several suspects, seized various assets (including cash, cryptocurrencies, and digital devices), and disrupted the marketing system that spread the scam, including fake ads and deepfake testimonials. This operation is one of the largest efforts to date against cryptocurrency fraud, highlighting the need for international cooperation to fight online financial crime and protect investors. Investigations are still ongoing to track remaining assets and people connected to the network.

🍔Texas McDonald’s worker credit card scam

In Springtown, Texas, a 19-year-old McDonald’s employee named Giovanni Primo Blount was arrested for credit card fraud. He is accused of double-charging customers at the drive-thru. According to police, Blount processed real payments and then used his personal device to charge customers' cards again, leading to unauthorized charges of about $10 to $20 each time. Over 50 transactions resulted in around $680 in illegal gains before his arrest. The charges against him became more serious, as he is now facing a first-degree felony for using or possessing the identifying information of multiple cardholders.

⚡Nike data breach incident

Nike is looking into a possible cybersecurity breach after hackers called WorldLeaks claimed they stole data from the company's internal systems. The hackers listed Nike on a Tor-based leak site and threatened to share the stolen data unless a ransom is paid. Reports say up to 1.4 TB of internal files might have been taken, including details about product design and manufacturing. 

However, it is still unclear if any personal information about customers or employees was compromised. Nike stated that it takes data security seriously and is evaluating the situation. WorldLeaks is assumed to be a new name for the Hunters International ransomware group, which steals data and extorts companies without using traditional ransomware that encrypts files. 

Nike’s investigation is still ongoing, and the company hasn't confirmed if the alleged data leak is real or not. The final outcome, whether data is breached or a ransom is paid, is still unknown.

🖼️Cyber breach in Dresden State Art Collections

Germany’s Dresden State Art Collections, comprising 15 museums, was hit by a cyberattack that disrupted its digital systems. This incident started on January 21, 2026, and it affected phone systems, online ticket sales, visitor services, and their online shop. However, the physical security systems worked, and the museums stayed open. 

IT teams and law enforcement, including the Dresden Police and the Saxon State Office of Criminal Investigation, are managing the situation and investigating the breach. There is no information about who attacked or why yet, and it’s unclear if the attackers demanded a ransom. 

The organization has made a crisis team, and the restoration process is ongoing. According to recent updates, the museum’s website has mostly returned to normal, but some services, like the online shop, are still being fixed.

🧓Swedish elderly fraud syndicate sentenced

Fourteen people in Sweden were found guilty of being part of a fraud network that targeted individuals through international scam call centers. They defrauded 139 private individuals and businesses out of around 17 million kronor (about €1.4 million). The group made long phone calls to trick mainly elderly victims into approving bank transactions using their bank ID details. The two main fraudsters received long prison sentences of over eight and nine years, while others received shorter sentences based on their roles in the crime. Authorities also ordered the freezing of their assets that would help repay the victims.

📉$26 million in crypto stolen from the Truebit platform

In January 2026, the Truebit protocol—a decentralized finance (DeFi) project—was hacked. Attackers found a weakness in its smart contract code, allowing them to create tokens at almost no cost and steal about 8,535 ETH (around $26 million) from the protocol. This happened due to an integer overflow flaw in an older smart contract that didn't have protections against such arithmetic errors. The attackers took advantage of the token purchase system and transferred the funds into anonymous wallets. 

After the hack, the value of Truebit’s native TRU token dropped by over 99% and lost market liquidity. The Truebit team confirmed the hackers' attack and warned the users not to use the compromised contract. They also said they're working with law enforcement to resolve the issue. However, they don't have a clear plan for recovery or compensation for the users yet.

🏭Cambodia arrests alleged scam kingpin

Cambodian authorities have arrested Chen Zhi, the chairman of the Prince Group, and sent him to China. He faces accusations of running a large online scam and cyber-fraud network from Cambodia. US prosecutors claim that Chen led "pig-butchering" crypto scams and fraud operations that forced workers into closed compounds to target victims around the world. The US and UK had previously imposed sanctions on him and his companies for their involvement in large online scams and alleged money laundering. Cambodian officials state that the extradition shows better cooperation in fighting international crime, but rights advocates have criticized the process and pointed out that scams continue in the region.

Most modern scams and cyberattacks don’t rely on a single technical failure, but on a combination of weak controls, misplaced trust, and human pressure points. Cybercriminals usually use a mix of social engineering, infrastructure abuse, and financial deception, so prevention increasingly depends on layered defenses and being able to quickly fight back threats. 

At the scale seen in many of these cases, effective protection starts with serious cybersecurity foundations: strong access controls, continuous monitoring, incident response readiness, and cooperation. For individuals and smaller organizations, staying informed and skeptical, with a cool head, remains one of the most effective tools against evolving fraud risks—and the best way to watch out for Scamuary.

Reduce fraud cases by more than 90% with Sumsub

Talk to the Sumsub team today to see how your business can thrive and reduce fraud.

Speak to an expert