Cybercriminals Exploit French Fintech Platforms to Launder Stolen Funds Across Europe
A sophisticated cybercrime operation is leveraging freelancer-focused fintech platforms in France to create verified mule accounts, facilitating the movement of stolen money across Europe. Research from Group-IB reveals that services like Revolut, Wise, and N26 popular for their fast onboarding and business-grade tools have become prime targets for fraud networks due to their ease of use and cross-border transfer capabilities.
Criminals exploit the hybrid nature of these accounts, which combine personal identity verification with business-like functionality, allowing them to appear legitimate while rapidly transferring illicit funds. Verified mule accounts are sold on dark web markets for $300 to $700 each, often with escrow guarantees and replacement policies, underscoring the professionalization of the scheme.
The operation follows a multi-stage process, beginning with phishing attacks that harvest victims’ personal data. One tactic involved fake mortgage advice sites, tricking users into submitting sensitive information later used to open fintech accounts. Once established, these accounts serve as conduits for stolen funds, complicating recovery efforts due to instant payment rails.
The financial impact is severe: credit transfer fraud losses in the European Economic Area (EEA) reached €2.5 billion in 2024 a 24% increase from the previous year with end users bearing 85% of the costs. Group-IB’s findings highlight the scale of the problem, estimating that nearly 1 in 7 business account sign-ups in France may be fraudulent.
The scheme is linked to organized cybercrime groups, including the ASGARD Network, with one actor, @astarta_seller1, actively advertising verified European accounts on underground forums. French entrepreneur accounts are particularly prized, commanding premium prices and indicating a targeted, high-volume operation. Many mule accounts likely remain undetected, posing an ongoing threat to financial security.
Source: https://cyberpress.org/french-fintech-funds-routed/
N26 cybersecurity rating report: https://www.rankiteo.com/company/n26
"id": "N261776853591",
"linkid": "n26",
"type": "Cyber Attack",
"date": "1/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'Europe',
'name': 'Revolut',
'type': 'Fintech Platform'},
{'industry': 'Financial Services',
'location': 'Europe',
'name': 'Wise',
'type': 'Fintech Platform'},
{'industry': 'Financial Services',
'location': 'Europe',
'name': 'N26',
'type': 'Fintech Platform'}],
'attack_vector': 'Phishing, Stolen Personal Data, Dark Web Marketplaces',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal data, personally '
'identifiable information'},
'description': 'A sophisticated cybercrime operation is leveraging '
'freelancer-focused fintech platforms in France to create '
'verified mule accounts, facilitating the movement of stolen '
'money across Europe. Research from Group-IB reveals that '
'services like Revolut, Wise, and N26 have become prime '
'targets for fraud networks due to their ease of use and '
'cross-border transfer capabilities. Criminals exploit the '
'hybrid nature of these accounts to appear legitimate while '
'rapidly transferring illicit funds. Verified mule accounts '
'are sold on dark web markets for $300 to $700 each, often '
'with escrow guarantees and replacement policies. The '
'operation involves phishing attacks, fake mortgage advice '
'sites, and the use of stolen personal data to open fintech '
'accounts. The financial impact includes €2.5 billion in '
'credit transfer fraud losses in the EEA in 2024, with end '
'users bearing 85% of the costs. The scheme is linked to '
'organized cybercrime groups, including the ASGARD Network.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'fintech platforms',
'data_compromised': 'Personal data, personally identifiable '
'information',
'financial_loss': '€2.5 billion in credit transfer fraud losses in '
'the EEA (2024)',
'identity_theft_risk': 'High',
'operational_impact': 'Fraudulent account creation, illicit fund '
'transfers',
'payment_information_risk': 'High',
'systems_affected': 'Fintech platforms (Revolut, Wise, N26)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Verified mule accounts '
'($300-$700 each)',
'entry_point': 'Phishing attacks, fake mortgage '
'advice sites',
'high_value_targets': 'Fintech platforms (Revolut, '
'Wise, N26)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Fintech platforms with fast onboarding and business-grade '
'tools are vulnerable to exploitation for money '
'laundering. Hybrid account functionality can be abused by '
'cybercriminals. Phishing and stolen personal data are key '
'enablers of fraudulent account creation.',
'motivation': 'Financial gain, money laundering',
'post_incident_analysis': {'root_causes': 'Ease of onboarding and '
'business-grade tools in fintech '
'platforms, hybrid account '
'functionality, phishing attacks, '
'stolen personal data'},
'recommendations': 'Enhance identity verification processes for fintech '
'platforms. Implement stricter monitoring of business '
'account sign-ups. Collaborate with law enforcement and '
'cybersecurity firms to disrupt dark web marketplaces '
'selling verified mule accounts. Educate users on phishing '
'risks and safe data handling practices.',
'references': [{'source': 'Group-IB Research'}],
'response': {'third_party_assistance': 'Group-IB (research and '
'investigation)'},
'threat_actor': ['ASGARD Network', '@astarta_seller1'],
'title': 'Cybercriminals Exploit French Fintech Platforms to Launder Stolen '
'Funds Across Europe',
'type': 'Financial Fraud, Money Laundering, Phishing',
'vulnerability_exploited': 'Ease of onboarding and business-grade tools in '
'fintech platforms, hybrid account functionality'}