FBI Seizure Crypto Case: 13 Domains Seized From Chinese Spies

FBI Seizure Crypto Case: How 13 Fake Sites Targeted Clearance Holders

What if your next job offer was actually a foreign intelligence operation — and you'd never know?

On June 10, 2026, the Department of Justice and FBI announced the FBI seizure crypto case: 13 internet domains taken down as part of a national security operation. The sites were allegedly run by suspected Chinese intelligence agents posing as consulting firms. Their targets were current and former US government and military personnel holding active security clearances. Their payment method was cryptocurrency — used to hide who was paying and where the money came from.

Source: X(formerly Twitter)

FBI Seizure Crypto Case: How 13 Fake Sites Targeted Clearance Holders

The scheme ran for nearly three years, starting in November 2023.

The 13 seized domains operated under names built to sound credible — Centrik Global Consulting, Catalyst Global Solutions, GeoIndopacific, SafeSec Group, and Gulf Peace Foundation among others. Each posed as a legitimate global consulting or policy research firm. Operators posted vague "research" and "consulting" job listings on real recruiting platforms, aimed at people with foreign policy, defense, or national security backgrounds.

Once someone applied, the real targeting began. Three tactics made it hard to detect:

• AI-generated personas — fake headshots and entirely fictitious recruiter identities, with no real person behind the contact

• Encrypted messaging — Telegram was used heavily so communications left no traceable email trail

• Timing — the operation accelerated as mass federal layoffs left tens of thousands of newly unemployed cleared workers actively job-hunting

Special Agent Dan Wierzbicki, who heads counterintelligence and cyber at the Washington field office, said the case broke open largely through tips. People who'd been contacted said something felt off — specifically, that they were being paid through cryptocurrency or an unusual online payment system instead of a normal employer.

FBI Seizure Crypto Case: Why Crypto Was Central to the Operation

This FBI seizure crypto case isn't about digital currency as the target — it's about crypto as the tool that made the scheme work.

According to the DOJ affidavit, the conspirators paid recruits through online accounts registered to fictitious people, and used cryptocurrency specifically to conceal both their identities and the true source of funds. That structure let money move from outside the US to targets inside the country without a bank ever verifying who was really sending it.

This isn't an isolated pattern. Last month, Taiwanese prosecutors charged a television journalist accused of receiving USDT payments from an alleged Chinese operative — suggesting stablecoin payments for covert recruitment are becoming a documented tradecraft method.

After the seizures, the FBI replaced all 13 domains with takeover notices, informing visitors the sites were part of an active investigation into bribery, identity theft, and international money laundering.

Assistant Director Roman Rozhavsky, who leads the Counterintelligence and Espionage Division, said the seized domains show how far Chinese intelligence services will go — using AI-generated content to trick, recruit, or coerce current and former US clearance holders into handing over sensitive information.

FBI Seizure Crypto Case: What It Means for Regulation and AI

This FBI seizure crypto case adds a documented data point to a regulatory debate that's been building all year.

The DOJ affidavit is a primary legal source — and that matters. It gives regulators a specific, verified example to cite when pushing for stricter KYC requirements on crypto payment platforms. The argument that crypto's illicit use is limited to small-scale criminals no longer holds as the dominant narrative. State-level actors are now documented users.

Assistant Attorney General for National Security John Eisenberg warned that these domain seizures show how foreign actors use promises of easy money to lure Americans into revealing sensitive or classified information they're duty-bound to protect. By seizing the domains and exposing the tactics, he said, the DOJ is working to protect national security and help the public recognize these threats.

US Attorney Jeanine Ferris Pirro added that the Chinese government has long tried to exploit US government employees through fake companies and phony job postings — and that these seizures shut that down and prevent the sites from being used against Americans with sensitive access.

Three red flags the FBI says should trigger immediate reporting:

• A job offering unusually high pay for vague "research" or "consulting" work

• Payment offered in cryptocurrency or through an unverifiable online account

• A recruiter who quickly escalates to asking for internal reports or non-public documents

Anyone approached with a suspicious offer matching this pattern is urged to report it.

Conclusion

The FBI seizure crypto case confirms a new espionage playbook: AI deepfakes build the fake firms, job platforms deliver the targets, and crypto payments make the money untraceable. Thirteen domains are down and the DOJ has the affidavit — but the tactics cost almost nothing to replicate. This won't be the last case.

YMYL Disclaimer

This article is for informational and educational purposes only. All details regarding the seizure are sourced from the official U.S. Department of Justice press releases dated June 10, 2026. The conspirators denied involvement by any foreign government per court documents. This article does not accuse any specific individual and reports only what is documented in public DOJ affidavits and official statements. Anyone with information relevant to foreign intelligence recruitment activities should report to tips.fbi.gov.