World News & Events Started Jul 9, 2026 1:26 AM

Norway arrests 28, claims to trace Monero Transactions

13 replies - 268 views - 2 thanks - 0 tippers - 6 watchers

Poll

7 votes

Did Norway Actually Trace the Monero used?

  • No 5 (71%)
  • Yes 2 (29%)

Login to vote in this poll.

Jul 9, 2026 1:26 AM
#1
Norway Tracking Tracing Arrests News

https://cryptobriefing.com/norway-arrests-monero-dark-web-crackdown/

Has anyone heard of this news or discussed it before? Any opinions or analysis?

Kripos developed new methods to track Monero transactions in 2025, raising fresh questions about the long-term viability of privacy coins as anonymous payment rails.

Norway’s National Criminal Investigation Service, known as Kripos, announced the arrest of 28 men across seven countries following an operation conducted in early June 2026. The suspects allegedly used Monero to pay for access to child sexual abuse material on multiple dark web forums. Three children were safeguarded, and over 460 items were seized, including electronic devices, crypto wallets, and illegal drugs.

The arrests spanned Norway, Sweden, Switzerland, Canada, the Czech Republic, Poland, and Germany. Europol supported the operation, underscoring the kind of multi-jurisdictional coordination that has become increasingly common in dark web takedowns.

Kripos developed new methods for tracing Monero transactions in 2025. The agency has not disclosed exactly how those methods work, which is deliberate. But the operational result speaks for itself: 28 arrests across seven countries tied to payments made in a coin that many assumed was beyond reach.

More arrests are expected as the investigation continues, according to Kripos.

One suspect was also reported to have used artificial intelligence extensively to generate illegal material. Some victims were identified as family members of the suspects.

Major exchanges, including Kraken and Binance, delisted Monero in various markets between 2021 and 2023 under regulatory pressure. The Financial Action Task Force has repeatedly flagged privacy coins as high-risk assets for money laundering and illicit finance.

This operation fits into a broader pattern. The Kidflix takedown and Operation Grayskull in 2025 collectively led to hundreds of arrests globally and relied heavily on forensic crypto analysis.

Signature

I'm an artist (skills in vtuber making and livestreaming), wannabe singer, and chronically lonely loser- always willing to chat about nearly anything. Don't hesitate to start a convo with me.

2 thanks - 0 tippers - 6 watchers

Replies

Page 2 of 2 - 13 total
Jul 10, 2026 1:43 AM
#12

@nemesis
from my understanding, monero with proper practices cant, but as mentioned by jeffro there's still things like EAE attacks and whatnot, the whole "Breaking Monero" series on youtube goes very indepth into all these attack vectors:
https://inv.nadeko.net/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y
(EAE attack is episode 9 of it)
idk much about all that tbh, and i just hate the whole "its cause you using it wrong" design type thing, like what, users gotta learn to churn their thing, single use addresses type of things.... such a headache...
so that's also why FCMP++ is so important, protocol improvments on monero been years behind, that's what would be able to catch it up on alot of the technical debt
that reddit thread goes into the history of all the work that has been done but abandoned which lead to alot of time losses and technical debts:
https://redlib.catsarch.com/r/Monero/comments/1j745kf/more_vitamins_for_monero_with_carrot_part_2/
part one:
https://redlib.catsarch.com/r/Monero/comments/1iph8fz/more_vitamins_for_monero_with_carrot_part_1/
since C.A.R.R.O.T will also be shipped alongside FCMP++, usually when saying just "FCMP++" it also includes it as well, but i guess like saying "linux" instead of "gnu/linux", some people might feel left off on that but still, important work for both of these lol

for bitcoin however, it's that article from back in 2019/2020 that opened my eyes on the traceability even when doing the whole mixing, using exchanges, using THOUSANDS of different addresses and so on, actual craziness:
https://www.chainalysis.com/blog/plustoken-scam-bitcoin-price/

The flow of the 45,000 stolen Bitcoin is more complicated. So far, roughly 25,000 of it has been cashed out. The other 20,000 is currently spread out across more than 8,700 cryptocurrency addresses, which speaks to the high level of effort the scammers put into obfuscating the movement of funds. The scammers have transferred the Bitcoin more than 24,000 times, using more than 71,000 different addresses — and that’s not even counting cash outs or transfers to off-ramps such as exchanges.

Many of those transactions were conducted through mixers like Wasabi Wallet, which utilizes the CoinJoin protocol to make it more difficult to trace the path of funds. You can see an example in the Chainalysis Reactor graph below.

lol1

At other points, the scammers utilized peel chains and other complex movements to obfuscate the path of funds. Peel chains are strings of transactions commonly used for money laundering, in which entities send funds through several wallets in quick succession, usually breaking off small amounts to cash out at each step and sending the majority on to the next wallet.

lol2

The graph above is a great example of the PlusToken scammers’ obfuscation attempts. The funds start in the wallet in the upper left hand corner, and move to the right. Diagonal movements represent a change in address type, while vertical movements represent the use of a mixer.

like, that was 2019/2020 they were already doing that, shit's crazy for bitcoin lol

1 thanks - nemesis - 0 tippers
Jul 10, 2026 3:23 PM Edited Jul 10, 2026 3:24 PM
#13

@xenu
Oh ok, got what ya mean now. That's pretty much what I meant by it being an opsec issue not a xmr issue and that humans are always the weakest link.

Signature

principles over profit

0 thanks - 0 tippers
Jul 10, 2026 3:29 PM
#14

@SpinningCat

monero with proper practices cant

This is what i was getting at and what I meant by it being an opsec issue. So any implication or outright claim that they traced a xmr tx in and of itself is clearly bs. Obviously, if they actually do investigative work, yea pieces can be put together. But again, its not a xmr issue. Its a human issue

Signature

principles over profit

0 thanks - 0 tippers

Post A Reply

You must be logged in to reply. Login or register.