The U.S. Department of Justice announced the results of an unprecedented joint operation by government agencies and the private sector against transnational scam networks in Southeast Asia. Operation Disruption Week, launched on May 18, 2026, led to the takedown of more than 1.4 million fraudulent accounts, pages, and groups on Facebook and Instagram, the blocking of 20,000 Microsoft accounts, and the disconnection of thousands of Starlink terminals. Private companies froze over $3.8 million in cryptocurrency tied to laundering funds stolen from Americans. The operation affects all users of cryptocurrency platforms and social networks who may fall victim to so‑called “pig butchering” schemes—investment fraud based on building long‑term trust relationships with the victim.
Scale of the operation and participants
Disruption Week was conducted under the ongoing Scam Center Strike Force initiative, whose goal is to dismantle transnational criminal organizations that run cyberfraud and “pig butchering” schemes from dedicated compounds in Southeast Asia. The initiative also targets associated human trafficking and money‑laundering operations.
The composition of the participants is telling—for the first time, nine of the largest technology and analytics companies were simultaneously involved in this kind of coordination: Apple, Coinbase, Google, Meta, Microsoft, Silent Push, SpaceX/Starlink, TRM Labs, and Zenlayer. Law‑enforcement participants included the Australian Federal Police, the Canadian Anti‑Fraud Centre, New Zealand Police, the Royal Thai Police, and the UK National Crime Agency.
Specific results of the operation include:
- Disruption of criminal activity on more than 1.4 million accounts, pages, and groups on Facebook and Instagram
- Blocking of 20,000 Microsoft accounts
- Disconnection of thousands of Starlink terminals used by scammers
- Disruption of malicious IP traffic and network connections supporting fraudulent operations
- Decommissioning of servers, colocation sites, and hosting infrastructure of scam networks
- Identification of numerous scammers and fraudulent platforms, with materials passed to U.S. authorities
- Arrest of seven scammers in Thailand and initiation of new cases by the Royal Thai Police
According to a statement from Meta, law enforcement arrested 63 alleged criminals linked to scam centers, and Coinbase froze more than $3 million in cryptocurrency assets tied to criminal networks. It should be noted that these figures come from a corporate statement by a participating company and are not independently confirmed in the official DOJ press release.
Anatomy of the threat: the industrialization of fraud
The key context for this operation is the scale of the industrialization of fraud. According to the DOJ, losses by Americans to cryptocurrency investment schemes rose from $3.96 billion in 2023 to $5.8 billion in 2024 and to more than $7.2 billion in 2025, a 24% year‑over‑year increase. This trend reflects not just a rise in the number of scammers, but the systematic scaling‑up of criminal infrastructure.
The DOJ notes that many of these schemes are run from industrial‑style compounds in Cambodia, Laos, and Myanmar along the border with Thailand. Criminal syndicates lure workers to Thailand with promises of well‑paid technical jobs, then confiscate their documents and move them into scam compounds. Inside these facilities, human‑trafficking victims are forced, under threat of violence, to run fraud operations targeting citizens of the U.S. and other countries.
The “pig butchering” scheme itself is built on cultivating a long‑term relationship with a potential victim. Scammers gradually persuade the victim to deposit funds into fake investment platforms, promising high returns. Once the deposits are made, the assets are transferred to accounts controlled by the scammers. When the victim runs out of money or realizes they have been duped, the criminals cut off contact.
Impact assessment
The disconnection of thousands of Starlink terminals deserves special attention. Satellite internet has become a critical piece of infrastructure for scam compounds, allowing them to operate in remote areas of Southeast Asia where terrestrial infrastructure is limited or controlled by authorities. SpaceX’s participation in the operation sets a precedent for involving satellite communications providers in the fight against cybercrime.
However, $3.8 million in frozen cryptoassets is less than 0.05% of the $7.2 billion in annual losses. Operation Disruption Week is primarily a strike against the delivery infrastructure of fraud (accounts, networks, servers), rather than against financial flows. The effectiveness of this approach will be determined by how quickly criminal networks can rebuild their infrastructure.
Practical recommendations
For organizations and individuals who may be targeted by such schemes:
- Verify investment platforms—legitimate platforms are registered with the SEC or FINRA. Lack of registration is a clear indicator of fraud
- Critically assess online contacts who offer investment opportunities, especially if the relationship started on social networks or in messengers
- Do not transfer cryptocurrency to platforms recommended by online acquaintances, regardless of how long you have been in contact
- Report suspicious activity through ic3.gov (Internet Crime Complaint Center)—data from such reports is used in operations like Disruption Week
- For companies: training employees to recognize social engineering remains the main defense, as scammers are increasingly using corporate channels for the initial contact
Disruption Week shows that coordination between technology companies and law‑enforcement agencies in five countries can deliver tangible blows to scam network infrastructure. The key factor for long‑term effectiveness will be the regularity of such operations: one‑off campaigns have only a temporary effect, whereas sustained pressure on infrastructure—from social‑media accounts to satellite terminals—can significantly raise the cost of running fraudulent operations for criminal syndicates.
