The U.S. Department of Justice and a coalition of tech giants spent four days in May tearing into the digital plumbing of Southeast Asia’s industrial-scale fraud compounds — and on June 4 they revealed the damage. Under the banner of the Scam Center Strike Force, the operation dubbed “Disruption Week” killed more than 1.4 million accounts, pages and groups, froze $3.8 million in cryptocurrency, pulled thousands of Starlink terminals offline, and produced seven arrests in Thailand.
The model is what makes it notable. Rather than the usual sealed indictment and overseas raid, Disruption Week put federal agents and private-sector engineers in the same room in Washington, D.C., from May 18 to 21, and let them act on shared intelligence in near real time. It is the clearest expression yet of a strategy we have watched mature across a year of global cybercrime takedowns: the people who own the platforms scammers abuse are now sitting at the same table as the people who prosecute them.
Who was in the room
The public sector brought the DOJ, FBI, U.S. Secret Service, and Homeland Security Investigations, joined by the Australian Federal Police, the Canadian Anti-Fraud Centre, the New Zealand Police, the Royal Thai Police, and the U.K. National Crime Agency.
The private sector brought the platforms the fraud actually runs on: Apple, Coinbase, Google, Meta, Microsoft, SpaceX/Starlink, TRM Labs, Silent Push, and Zenlayer. Each contributed a different layer of the kill chain — Meta and Microsoft the social and email accounts used to lure victims, Coinbase and TRM Labs the on-chain money trail, SpaceX the satellite connectivity that keeps remote jungle compounds online.
What got disrupted
The tallies reflect that division of labor:
- Meta removed more than 1.4 million accounts, pages and groups across Facebook and Instagram.
- Microsoft disrupted roughly 20,000 accounts.
- SpaceX took thousands of Starlink kits offline — the connectivity lifeline for compounds operating beyond the reach of national telecom infrastructure.
- Private firms voluntarily froze over $3.8 million in crypto, with Coinbase alone freezing about $3 million.
- Malicious IP traffic was interrupted and hosting infrastructure decommissioned.
- The Royal Thai Police arrested seven scammers and opened new cases through its Anti-Cyber Scam Center.
The Starlink figure deserves attention. As governments have squeezed the terrestrial networks feeding scam compounds, operators have leaned on satellite uplinks to stay connected. Pulling thousands of kits offline strikes at a dependency that the fraud factories cannot easily route around — and signals that the providers of that connectivity are now willing to act as enforcement partners.
The industry it targets
Pig-butchering — the slow-burn “romance baiting” con in which victims are groomed over weeks before being steered into a fake crypto investment platform — has become one of the most lucrative criminal enterprises on earth. Reported losses have climbed relentlessly: $3.96 billion in 2023, $5.8 billion in 2024, and $7.2 billion in 2025, a 24% year-over-year jump. And those are only the losses victims were willing to report.
Behind the numbers sits a brutal human supply chain. The compounds in Myanmar, Cambodia and Laos are staffed in large part by trafficking victims — lured by fake job ads, stripped of their passports, and forced to run scripts against strangers under threat of violence. Disrupting the scams is inseparable from disrupting the trafficking and money-laundering networks that feed them.
“Cyber-enabled and crypto investment fraud is devastating Main Street Americans, wiping out life savings and preying on some of our most vulnerable citizens,” said U.S. Attorney Jeanine Ferris Pirro.
Part of a widening campaign
Disruption Week does not stand alone. It lands in the middle of the most aggressive run of anti-fraud enforcement we have ever tracked, alongside Operation Tri-Force Sentinel’s 276 pig-butchering arrests, Interpol’s Operation First Light and its $701 million in disrupted crypto scams, the first-ever VPN takedown in Operation Saffron, and Europol’s €700 million crypto-fraud network dismantlement.
The pattern across all of them is the same shift in tactics. Arrests still matter, but they are slow, jurisdiction-bound, and easily outpaced by criminals who simply spin up new shells. Disruption — freezing wallets, deleting accounts at scale, severing connectivity — hits the economics directly and can be executed in days rather than years.
The hard part comes next
The open question is durability. A scam network that loses 1.4 million accounts and a few million dollars in frozen crypto can, in principle, rebuild — new accounts, new wallets, new uplinks. The compounds themselves remain physically intact and largely beyond Western legal reach, protected by jurisdictions with little appetite for cooperation.
What Disruption Week proves is that the public-private model can inflict real, rapid damage when the platform owners choose to participate. The next test is cadence: whether this becomes a repeatable rhythm that keeps the fraud factories perpetually rebuilding, or a one-off show of force they simply wait out. For now, the strike landed — and the people who own the internet’s biggest platforms helped throw the punch.
