黑客阅读 hackread

Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network

A global law enforcement operation has shut down more than 373,000 dark web websites linked to a large cybercrime network, making it one of the biggest coordinated takedowns of its kind. These sites offered cybercrime-as-a-service (CaaS) and illegal content, including child sexual abuse material (CSAM).

The operation, backed by Europol and led by German authorities, targeted a network built around a dark web platform known as “Alice with Violence CP.” The case began in 2021 as a routine investigation, but investigators soon uncovered a much larger network behind it.

Authorities say one person was running more than 373,000 onion domains. The volume of sites allowed the network to flood the dark web with fake marketplaces. These pages advertised illegal content and cybercrime services but were set up to collect cryptocurrency from users without delivering anything.

The takedown, known as “Operation Alice,” ran from March 9 to March 19, 2026, and involved agencies from 23 countries. Alongside the domain seizures, investigators took control of more than 100 servers and various electronic devices, disrupting much of the infrastructure behind the network.

The investigation also exposed the customer side of the operation. Law enforcement identified around 440 individuals who had used the platform, with more than 100 cases still under investigation. Even though the services were fraudulent, attempting to purchase illegal material remains a criminal offense in many jurisdictions.

Financially, the operation was low-cost for users but profitable overall. The suspect is believed to have earned over €345,000 from roughly 10,000 customers, offering “packages” priced between €17 and €215, all paid in cryptocurrency.

From a technical view, the operator took advantage of the high number of websites, setting up hundreds of thousands of small, short-lived sites. This made tracking harder and created the impression of a much bigger operation.

Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network
Equipment seized during the operation, alongside location data linked to suspected buyers (Credit: Europol)

According to Europol’s press release published on March 20, 2026, an international arrest warrant has been issued for the main suspect, a 35-year-old man believed to be based in China. Authorities are continuing to track both users and any remaining infrastructure linked to the operation.

Although the takedown removes a large volume of illicit activity from the dark web, it also shows how easily such networks can scale using automation, cryptocurrency, and anonymized hosting. Similar operations have shown that once one network is dismantled, others step in fast, often using the same tactics under new identities.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism.

MUST READ

  1. Europol Busts Major Online CSAM Racket in Western Balkans
  2. Researchers Track Identities of CSAM Users via Malware Logs
  3. Man Jailed for Running Dark Web CSAM Sites from Coffee Shop
  4. 79 Arrested as Dark Web’s Largest CSAM Network ‘Kidflix’ Busted
  5. Dark web data center seized for hosting CSAM in former NATO bunker