FBI Dismantles W3LL Phishing Ring, Arrests Developer Behind ₱1.2 billion ($20 million) Scam
W3LL operated as an underground marketplace selling phishing kits designed to bypass multi-factor authentication, generating over ₱1.2 billion ($20 million) in fraudulent gains before authorities shut it down.
Key Takeaway
Multi-factor authentication isn't enough—W3LL's session tracking shows phishing kits are getting more sophisticated.
Indonesian police detained G.L., the alleged developer of W3LL, a phishing network that defrauded 17,000 victims of ₱1.2 billion ($20 million).
The FBI coordinated with the U.S. Attorney's Office for the Northern District of Georgia and Indonesian National Police to dismantle the operation. W3LL operated as W3LLSTORE from 2019 to 2023, selling phishing kits for ₱30,066 ($500) each on an underground marketplace. The kits included session data tracking tools that bypassed multi-factor authentication, making them particularly effective against crypto exchange users and online banking customers.
Over 25,000 compromised accounts were sold through the platform before authorities shut it down. FBI Atlanta Special Agent in Charge Marlo Graham said this wasn't just phishing but a full-service cybercrime platform.
Indonesian National Police Brigadier General Roberto G.M. said the collaboration provided valuable insights and enhanced collective capacity to address transnational cybercrime. Indonesia's PPATK financial intelligence unit operates the SIPENDAR platform for real-time information sharing between financial institutions and law enforcement. The country's Financial Services Authority assumed crypto platform supervision in 2024, imposing mandatory suspicious transaction reporting under SEOJK No. 20 of 2024 for anti-money laundering compliance.
This article was written based on reporting from BeInCrypto.
