European crime agencies seize VPN "deeply embedded in the cybercrime ecosystem"

21 May 2026, 16:00 by George Phillips · tom's guide

(Image credit: FRED TANNEAU / Getty Images)

Copy link
Facebook
X
Reddit
Email

Share this article
0
Join the conversation
Follow us
Add us as a preferred source on Google
Newsletter
Subscribe to our newsletter

A co-ordinated international operation, led by France and the Netherlands, has seen authorities seize and dismantle a VPN used by cyber criminals.

"firstVPNservice" – software not featured in our guide to the best VPNs – was "deeply embedded in the cybercrime ecosystem," and has been promoted on Russian-speaking cybercrime forums.

The investigation, supported by Europol and Eurojust, was launched in 2021 and dubbed Operation Saffron. Domains, IP addresses, and servers were seized, and users of the VPN have been identified.

A complete shutdown

(Image credit: Future)

Operation Saffron was led by France and the Netherlands, and was assisted by crime agencies from the UK, Switzerland, Ukraine, Luxembourg, Romania, and the EU. Additional support was provided by Spain, Sweden, Canada, Germany, and the US.

The target was firstVPNservice. The VPN has been described as "a trusted tool for remaining beyond the reach of law enforcement." It reportedly offered anonymous payments and hidden infrastructure to its users, as well as "services designed specifically for criminal use."

Action took place between 19-20 May, and targeted firstVPNservice's infrastructure. The VPN's administrator was interviewed, and a house in Ukraine was searched.

33 servers used for criminal activity, covering 27 countries, were dismantled. Infrastructure used to support worldwide criminal activity was disrupted. The following domain names were seized:

1vpns.com
1vpns.net
1vpns.org
Associated .onion domains

Users of firstVPNservice have been identified and notified of its shutdown. 65 IP addresses were identified and posted online.

(Image credit: Future)

According to Europol, "investigators gained access to the service, obtained its user database, and identified VPN connections used by cybercriminals seeking to conceal their activities."

Edvardas Šileris, Head of Europol's European Cybercrime Centre, said: "For years, cybercriminals saw this VPN service as a gateway to anonymity. They believed it would keep them beyond the reach of law enforcement."

"This operation proves them wrong. Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate and evade law enforcement."

This case reinforces the fact that VPNs are not an excuse for criminal activity. VPNs are legal, but using them for illegal purposes will see law enforcement take action.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights and censorship, and its interplay with politics. Outside of work, George is passionate about music, Star Wars, and Karate.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout