U.S. Department of Justice Seizes LummaC2 Malware Infrastructure, Which Steals Cryptocurrency Wallet Mnemonics
On May 22, it was reported that law enforcement agencies had successfully seized the critical infrastructure of LummaC2, malware used to steal cryptocurrency wallet mnemonics from millions of users. The operation was carried out jointly by the U.S. Department of Justice, Europol, Japan Cybercrime Control Center, Microsoft and other parties. According to Microsoft data, more than 394,000 Windows systems worldwide were found infected with the malware between March and May 2025. Through civil litigation, Microsoft has seized and disabled more than 2,300 domain names that supported LummaC2 operations. The FBI has confirmed that at least 1.7 million theft attempts have occurred through LummaC2 alone. Launched in 2022 by a Russian developer with the online name "Shamel", the malware is mainly marketed through Telegram and Russian forums and is sold as tiered service packages that allow buyers to customize, distribute and track stolen data.