The Ad Trap Closed: DOJ Seizes Global Control Hub Behind $28M Bank Fraud
U.S. law enforcement authorities have announced the seizure of a domain used in a large-scale scheme to steal bank accounts. According to the U.S. Department of Justice, the site—web3adspanels[.]org—served as a control hub for harvesting stolen credentials and enabling remote access to victims’ banking accounts. Visitors to the domain now see a notice stating that it has been confiscated as part of a joint international operation between the United States and Estonia.
Investigators say the perpetrators placed fraudulent advertisements in search engines, including Google and Bing, carefully designed to mimic legitimate bank ads. These ads redirected users to counterfeit websites where sensitive information was collected. Embedded malware on those pages intercepted submitted usernames and passwords, which were then used to access real banking accounts.
The operation affected 19 victims across the United States, including two companies based in northern Georgia. Claimed losses totaled $28 million, with approximately $14.6 million confirmed as stolen. At the time of the seizure, the domain still hosted a database containing thousands of compromised credentials, along with backend infrastructure used to manage the scheme. Activity linked to the site had continued until very recently.
The FBI added that since January 2025, its Internet Crime Complaint Center has received more than 5,100 reports tied to similar bank account takeover schemes. The cumulative losses associated with those complaints exceed $262 million.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
