Warning

Please be vigilant about TRM impersonation scams, especially those claiming to assist with fund recovery. More info

Solutions
Products
RESOURCES
Customers
Company
Request a demo
en
Search
Search
Insights
December 14, 2025

Croatian Ministry of Interior Dismantles Cryptocurrency Fraud Ring

TRM Team
Croatian Ministry of Interior Dismantles Cryptocurrency Fraud Ring

Between December 19 and 23, 2024, Cybersecurity Officers within the Croatian Ministry of Interior (MUP) began tracking and investigating what would become a complex cryptocurrency fraud and money-laundering scheme. Using a combination of blockchain intelligence and traditional investigative methods, the MUP identified two primary suspects—a 42-year-old Croatian citizen and a 45-year-old Austrian—who ultimately defrauded at least twelve victims of more than $500,000 in digital assets. 

TRM Labs is proud to have supported the MUP in this investigation and in its broader mission to prevent, detect, and investigate cyber-enabled crime.

The Investigation

According to investigative findings, the scheme began when the suspects approached a 39-year-old Croatian victim with what appeared to be a legitimate opportunity to purchase Bitcoin below market value. The victim, who had prior experience trading cryptocurrency, was persuaded that he could achieve favorable returns. After establishing trust, the 42-year-old arranged an in-person meeting in the Zadar region, where he claimed he would demonstrate blockchain transaction workflows. During this meeting, he covertly photographed the victim’s 24-word seed phrase, granting full access to the victim’s cryptocurrency wallet.

On December 23, 2024, using the stolen seed phrase, the Austrian suspect unlawfully accessed the victim’s digital wallet and transferred all available Bitcoin to his own wallet. At the moment of the theft, the stolen cryptocurrency was valued at €154,525.71.

From the end of December 2024 through January 14, 2025, the Austrian suspect undertook deliberate steps to conceal the illicit origins of the funds. He fragmented the stolen cryptocurrency into numerous smaller transactions, moved them across multiple blockchain addresses, and attempted to create barriers for forensic tracing. In January 2025, he consolidated a portion of the funds, traveled abroad, and transferred assets to the crypto wallet of a third party and to the account of a foreign national at an international cryptocurrency exchange. Investigators believe he received cash in exchange for these transfers, which he later shared with his Croatian accomplice.

Throughout the investigation, MUP investigators used TRM’s advanced forensic capabilities including UTXO-based tracing, transaction-pattern fingerprinting, address-behavior analysis, change-of-ownership indicators, and multisignature-related structural detection across multiple chains. These tools allowed the team to reconstruct the laundering architecture, identify off-ramps, and map the full movement of illicit funds with precision. 

The lead investigator publicly thanked cryptocurrency forensics expert Nick Furneaux and TRM Labs, noting that early guidance helped establish investigative direction and accelerate progress.

As shown in TRM Graph Visualizer. In a sophisticated fraud case, assets moved quickly so investigators can leverage blockchain technology like Chainabuse and Beacon Network to alert and flag assets

Once investigators identified key cash-out points, the MUP submitted Chainabuse.com complaints on addresses associated with the scheme. This alert notified the broader cryptocurrency and Beacon communities that the wallets were tied to illicit activity. An exchange performing additional due diligence provided further evidence, strengthening the case.

The Result

Following the investigative findings, the MUP conducted searches at the suspects’ residences, seizing phones, computers, hardware wallets, and other digital evidence. The 45-year-old Austrian suspect was delivered to a detention supervisor, and a judge of the County Court in Zadar ordered investigative custody. A criminal complaint was also filed against the 42-year-old Croatian suspect. The MUP continues tracing funds to determine whether additional victims were targeted and whether additional assets can be recovered.

Conclusion

This case demonstrates how modern financial crime operates across multiple blockchains, borders, and platforms—and why successful investigations require an integrated approach that blends digital forensics with traditional police work. The MUP’s actions reflect the growing sophistication of global law-enforcement agencies adapting to the realities of cyber-enabled crime. The investigation also underscores the importance of collaboration among investigators, forensic specialists, exchanges, and the broader crypto-safety community. As digital asset usage expands, cases like this illustrate that well-equipped and well-trained cyber units can effectively confront emerging threats and bring offenders to justice.

This is some text inside of a div block.

Related posts

arrow right
BLOG
November 7, 2025

Eurojust Coordinates Global Crackdown on €600 Million Crypto Investment Fraud Network

No posts to show
No posts to show
arrow right
CASE STUDY
December 11, 2025

From Dark Web Portals to Prison: How Czech Investigators Exposed a Crypto-Enabled CSAM Scam

arrow right
GUIDE
August 29, 2025

Investigating Crypto Scams | Flip Book

No posts to show

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe and stay up to date with our insights
No items found.
3D illustration of a blue magnifying glass hovering over a digital fingerprint on a dark background, symbolizing crypto investigations or forensic analysis.
FLIP BOOK
Learn more about common crypto-enabled scam typologies in our "Investigating Crypto Scams" flip book
Get your copy →
Illustration of a stablecoin represented by a dollar symbol surrounded by icons for growth, risk alert, user profiles, and a security shield with a target, connected through a network of hexagons — symbolizing the interconnected risks and compliance considerations in digital asset ecosystems.
USE CASE
Learn how TRM helps compliance teams monitor exposure, detect threats, and safeguard their organizations
TRM for stablecoin risk management →
A worn silver wrench tool on a brown-red background, as a metaphor for violent crime
BLOG
Learn about the recent rise of "wrench attacks" and crypto-related violent crime
Read the post →
Illustration of a financial institution icon and a compliance document with checkboxes, symbolizing regulatory due diligence and financial compliance in the digital asset ecosystem.
GUIDE
Learn best practices for evaluating the legal, operational, and financial integrity of crypto entities before engagement
Get the guide →
A judge's gavel rests beside a stack of gold-colored cryptocurrency tokens, including Bitcoin, Dogecoin, Ethereum, and others, symbolizing the intersection of digital assets and regulatory or legal oversight.
REGULATORY ACTION TRACKER
Stay updated on the latest crypto-linked regulatory actions available in the public domain
Check it out →
Screenshot of the splash page used by law enforcement agencies following the takedown of Garantex, with bold red lettering reading, "This domain has been seized," along with the logos of various international law enforcement agencies involved in the action.
BLOG
Learn more about the global law enforcement operation that took down Garantex
Read the post →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
2025 Crypto Crime Report: Explore how the crypto crime landscape evolved over the past year
DIG IN NOW →
Bright blue fiber optic cables on a dark blue background, with flashes of white sparks interspersed throughout.
REPORT
As AI technology becomes more sophisticated, so will the ways in which criminals use it. See what TRM is doing to counter AI-enabled crime.
FIGHT AI WITH AI →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
The crypto crime landscape saw significant shifts in 2024, including decreases in illicit volumes. Dig into the data here.
PREVIEW THE CRYPTO CRIME REPORT →
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT