Belgian authorities arrested a 19-year-old suspected of being a key figure in a European phishing and money-laundering network that stole more than 500,000 euros ($572,000) using fake government emails and phone calls to trick victims into installing remote-access software.
Authorities detained the suspect in an Airbnb in Antwerp, where a second suspect was also found. The Federal Judicial Police launched the investigation in March 2026, when phishing attacks became a priority in the region, according to a Thursday police report.
The main suspect was brought before an investigating judge, who issued an arrest warrant. The gang used money mules and cash carriers and laundered the proceeds through cryptocurrencies.
The investigation shows that crypto can play multiple roles in phishing operations, including as a means of laundering illicit proceeds.
Phishing dominates crypto security losses
Phishing is also a major threat to cryptocurrency investors, accounting for the majority of the $482 million lost in the first quarter of 2026. Phishing and social engineering attacks accounted for $306 million of those losses, according to Hacken.
Phishing attacks and social engineering scams are a long-standing hurdle for the crypto industry, as attackers exploit human behavior rather than the code of a protocol.
On May 25, onchain analyst “b-block” warned that scammers used Google to deploy malicious phishing ads impersonating decentralized exchange Uniswap, reportedly stealing more than $400,000 from victims.
Data aggregator DeFiLlama said that “fake ads on Google are a common source of phishing attacks.” Crypto cybersecurity group Security Alliance also reported in April that there was a “significant uptick” in phishing activity on Google Search in March.
Related: Phantom Chat under scrutiny after $264K address poisoning loss
Blockchain security company CertiK’s Skynet report also highlighted phishing and social engineering as leading attack vectors for North Korea-linked malicious actors.

DPRK hacking playbook. Source: CertiK
CertiK attributed the 2022 Ronin Bridge exploit that stole $600 million to a spearphishing campaign involving a fake LinkedIn recruiter and a malware-laden PDF.
Magazine: Meet the onchain crypto detectives fighting crime better than the cops
Latest News#Belgian #police #arrest #suspected #phishing #gang #leader #tied #572K #theft1783111000

