Netherlands seizes servers in 17M-device botnet takedown
Dutch authorities dismantled a botnet of at least 17 million infected devices and seized more than 200 Netherlands-based servers tied to a residential proxy service.
Dutch police and the National Cyber Security Center dismantled a botnet that had enlisted at least 17 million infected devices and removed more than 200 servers in the Netherlands that acted as the network’s backend for a residential proxy service.
Authorities identified a hosting provider that supplied parts of the infrastructure, and they seized a subset of the servers. After the seizures, the provider took portions of the network offline once it learned the systems were being used for criminal purposes.
Investigators say the botnet operated through a control layer on the seized servers to manage compromised computers, tablets, smartphones and internet-connected devices. Those devices were then available to route traffic for customers of the proxy service.
Security teams linked the infected devices to a proxy ecosystem that includes mobile proxy software and residential proxy offerings. In April 2024, a campaign tracked as PROXYLIB involved infected Android devices running proxyware developed by LumiApps, along with connections to the proxy service known as Asocks.
Asocks advertises corporate, residential and mobile proxies, with monthly subscriptions priced roughly between $5 and $15 and discounts for bulk purchases of 10 to 100 proxies.
The National Cyber Security Center explained, “Devices can become part of a botnet when they are accessible to malicious actors. After gaining access, attackers can install malware that allows the device to be controlled remotely. This enables the device to become part of a network used for cybercriminal activities.”
Authorities urged users and organizations to reduce exposure by keeping operating systems and firmware up to date, monitoring edge devices such as routers, using strong passwords and two-factor authentication, installing apps only from trusted sources, changing default device credentials, and securing Wi‑Fi with WPA2 or WPA3 encryption.
No information on arrests or criminal charges has been released. Officials said the server seizures removed a key part of the botnet’s control infrastructure, and security teams are reviewing indicators of compromise and network traffic patterns to help identify and remediate infected systems.








