
Police boast of hacking VPN where criminals "believed themselves to be safe"

Why This Matters

Law enforcement successfully infiltrated and shut down the First VPN service, which was used by cybercriminals to hide illegal activities. This operation highlights the increasing capabilities of authorities to combat cybercrime by targeting anonymizing tools. It serves as a reminder to consumers and industry stakeholders that even seemingly secure privacy tools can be compromised and should not be solely relied upon for protection.

Key Takeaways

European law enforcement say they hacked into a VPN (virtual private network) service used for ransomware attacks and other crimes, and identified thousands of users before shutting the VPN down and arresting its administrator.

Europol announced yesterday the results of the operation against the service, First VPN. The First VPN website now displays a message saying the domain was seized by a joint international law enforcement action.

“A VPN service used by cybercriminals to conceal ransomware attacks, data theft, and other serious offenses has been dismantled in an international operation led by France and the Netherlands, with support from Europol and Eurojust,” the agency said. “For years, the service, known as ‘First VPN,’ was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond the reach of law enforcement. It offered users anonymous payments, hidden infrastructure, and services designed specifically for criminal use.”

The probe began in December 2021. At some point, “investigators gained access to the service, obtained its user database and identified VPN connections used by cybercriminals seeking to conceal their activities,” Europol said. Security vendor Bitdefender helped law enforcement conduct the operation, Europol said.

“The gathered intelligence exposed thousands of users linked to the cybercrime ecosystem and generated operational leads connected to ransomware attacks, fraud schemes, and other serious offenses worldwide,” according to Europol.

Users “mistakenly believed themselves to be safe”

A statement from the Dutch National Police Corps said that before the domain seizures, “police had access to the criminal traffic of the users of the service, who mistakenly believed themselves to be safe.”

An Internet Archive capture of the now-defunct VPN service’s website shows it advertised the ability to conceal one’s IP address, encrypt all communications, and hide one’s actions “from the provider and other interested persons.” First VPN also made the “no logs” promise that is common among VPN providers to assure customers that they don’t store records that could be handed to law enforcement or other third parties.