Operation HAECHI VI: Interpol Seizes $439 Million Across 40 Countries, Freezes 400 Crypto Wallets and Shows That Multinational Coordination Works

In coordinated silence, over months between April and August 2026, authorities from 40 countries executed the largest cyber-financial crime operation in Interpol history. When final numbers consolidated, the result was significant: $439 million recovered, comprising $342 million in fiat currency and $97 million in digital assets. Over 68 thousand bank accounts blocked. Around 400 cryptocurrency wallets frozen. And of the total crypto seized, $16 million have been effectively recovered and are in the process of being returned to victims.

The operation's name is HAECHI VI — the sixth edition of a series of multinational operations led by Interpol and named after the haetae, a mythical Korean creature symbolizing justice. Previous editions (HAECHI I through V, between 2021 and 2025) had been raising the seizure ceiling with each cycle. VI consolidates, on a scale that was unthinkable just three years ago, the thesis that public blockchain is not a crime-free zone — it is, in fact, particularly useful terrain for coordinated investigation.

For the reader accustomed to narratives of hacks, breaches, and fraud that dominate crypto news, HAECHI VI is the opposite side of the coin. It is the month's chapter in which the State wins. And the most interesting detail is how.

The target: seven types of crime, one common thread

The operation was not after a single type of crime. It targeted seven categories of cyber-financial fraud:

• Voice phishing (vishing) — scams in which attackers call impersonating banks, police, or public services to extract credentials.
• Romance scams — long-duration schemes in which victims develop false online relationships, eventually being induced to transfer money or crypto.
• Online sextortion — extortion via real or forged intimate material.
• Investment fraud — crypto pyramids, false yield opportunities, clone projects.
• Laundering associated with illegal online betting — use of unregulated digital casinos as conversion points.
• Business Email Compromise (BEC) — invasion or impersonation of corporate email to divert B2B payments.
• E-commerce fraud — from fraudulent returns to fake stores that charge and never deliver.

The common thread among all seven: they all use modern financial infrastructure — digital banks, fintechs, crypto exchanges — to receive and launder proceeds. Before HAECHI VI, each national authority tried to pursue flows within their own jurisdiction, inevitably hitting obstacles when money left the country. The operational gain of the operation was real-time sharing of financial intelligence across 40 jurisdictions.

The technical mechanism: how Interpol coordinates 40 countries without breaching anyone's sovereignty

Interpol's multinational operation model is legally delicate. Interpol, contrary to what Hollywood films suggest, does not have its own agents executing seizures. It is, at its core, a coordination infrastructure. Each seizure is executed by local police in the respective jurisdiction, under local law, with local warrants.

What Interpol does is enable these 40 police forces to act simultaneously, with shared intelligence and coordinated timeline. When this works, the attacker loses the typical escape window — the interval between seizure in jurisdiction A and attempting to move funds to jurisdiction B. In HAECHI VI, this interval was reduced to, in some cases, less than one hour.

The crypto layer of the operation was enabled by partnerships with blockchain analytics companies — Chainalysis, TRM Labs, Elliptic — that track wallet flows in real time and provide intelligence on which specific addresses received funds from which fraud campaigns. When the local prosecutor files a wallet freeze request with a custodial exchange, they arrive armed with a dossier: origin address, amount, timestamp, counterparty.

This model creates an interesting effect: the more sophisticated the on-chain analysis, the riskier it becomes to commit crimes via custodied crypto. Attackers who depend on centralized exchanges to convert crypto to fiat are increasingly in active focus. The path left for truly sophisticated criminals is on-chain mixing (Tornado Cash, Wasabi), obscure cross-chain bridges, and no-KYC exchanges — paths that themselves have become the subject of global regulation and dedicated law enforcement operations, as we saw with Tether's freeze of $344 million in USDT at OFAC's request.

Notable cases: Portugal, Thailand, and the pattern of vulnerable victims

Among the concrete operations revealed in the announcement, two cases illustrate the nature of the problem:

Portugal — 45 suspects arrested, accused of fraudulently misappropriating social security payments intended for vulnerable families. The scheme diverted approximately $270 thousand from 531 victims. The average ticket is low — about $500 per victim — but this value precisely illustrates the crime profile: attacks against vulnerable victims in individually small amounts but socially devastating at scale. It is not the "$1 billion hack" that makes headlines. It is the silent pattern that bleeds the base of the economic pyramid.

Thailand — Royal Thai Police executed seizure of $6.6 million in advanced Business Email Compromise scheme against Thai and West African victims. The combination of jurisdictions is revealing: the attacker operated from a third position, victimizing companies from two geographically distant regions, using shell accounts in a fourth jurisdiction. The case was only resolved through Interpol coordination — no isolated authority had visibility of the whole picture.

These two examples represent what is, structurally, being seized. It is not the movie attacker. It is the fraud operator at industrial scale, with victims spread across, with low to medium average tickets, and with laundering flow requiring multi-jurisdictional tracking. It is exactly the type of crime that was impossible to combat efficiently until blockchain analytics maturity, and which now begins to be tackled with higher success rates.

The contrast with the crypto scenario: state vs. decentralized infrastructure

HAECHI VI is, simultaneously, a State victory and a test of crypto thesis. A victory, because it demonstrates that multilateral coordination works. A test, because it exposes how much of the original Bitcoin promise of "borderless money, censorship-free, without central authority" remains valid in 2026.

The month's panorama was instructive:

• On April 22, Arbitrum — a network that markets itself as "decentralized" — used its security council to freeze $71 million from the Kelp DAO hacker.
• On April 23, Tether froze $344 million in USDT at OFAC's request, in an action linked to sanctions against Iran.
• On April 24, the Brazilian CMN blocked 27 prediction market platforms, including Polymarket and Kalshi.
• And throughout the entire HAECHI VI operation, 400 crypto wallets were frozen in police coordination.

The 2026 pattern is clear: the purportedly decentralized crypto infrastructure is, at all practical points, subject to pause buttons exercised by the State — directly or indirectly, via stablecoin, via custodial exchange, via bridge, via L2 with security council. Real decentralization, in the original cypherpunk sense, survives in narrow layers — self-custodied Bitcoin on hardware wallet never touching an exchange, contracts without active governance, networks without emergency committees. Everything else is regulable financial infrastructure, even when it markets itself as the opposite.

HAECHI VI is the operational evidence of this thesis. And, importantly: this is, to a large extent, good for the average user. A victim of romance scam, BEC, investment fraud — that user, before mature blockchain analytics, simply lost the money forever. Today, there is a real chance of recovery. $16 million have already returned to victims' coffers.

Implication for Brazil: are we headed to the next HAECHI?

Brazil was not among the 40 countries explicitly cited as participants in HAECHI VI — at least not in the public disclosure so far. This is, in itself, a window. With the entry into force of the mandatory crypto exchange regime on May 4, with SPSAVs authorized to operate under formal anti-money laundering prevention requirements, and with the infrastructure for monitoring international flows closing its first cycle, the country now has the technical-legal framework to participate in future editions.

Brazilian cases that would benefit from multinational coordination are no shortage. The GoPix trojan, still active, launders proceeds via exchange and stablecoin mixing. The waves of personal data breaches that marked April in Brazil feed global fraud markets operating without borders. Romance scams against Brazilians operated from Israel, Nigeria, or the Philippines steal non-negligible volumes.

The point: the tools exist. Regulatory political will exists (the speed of the BC/CMN agenda in 2026 proves it). What we still lack is culture of active international operational coordination in crypto fraud. Brazil has a capable Federal Police, but operates mostly on domestic cases. The next frontier is exactly this: routinely integrate into HAECHI models.

What citizens need to know about fund recovery

An aspect rarely discussed in standard coverage of operations like HAECHI VI: what happens to recovered money. The answer varies by jurisdiction, but the general rule is:

1. Seized funds go into official custody of the authority that executed the seizure.
2. Individual victims who identify themselves, with proof of transaction and correct identification, can request restitution.
3. In cases of fraud with many victims, often the judge orders proportional distribution — each victim receives a percentage of what was recovered, rarely 100%.
4. The judicial process can take from 6 months to 3 years between seizure and actual restitution to the victim's pocket.

For the Brazilian citizen victim of international crypto fraud, the practical path is: file a detailed Police Report, with transaction hash, wallet address, screenshots of communication, and payment evidence; file a complaint with the Federal Police, which has a dedicated cyber crime unit; keep documentation for years, because operations like HAECHI VI eventually bring opportunities for compensation that may take time to appear.

The ON3X perspective

Three takeaways to close.

One: modern government has learned blockchain analytics. The narrative of "crypto is a free zone" survived until 2020. From 2021 onwards, with mature Chainalysis and adoption by Interpol, FBI, Europol and peers, that narrative became commercial fantasy sold in Telegram forums. HAECHI VI is another landmark — not the first, not the last — of that shift.

Two: the average victim of crypto fraud is not the sophisticated trader. It is the Portuguese pensioner, the Thai businessman, the young Brazilian who fell for a romance scam. These cases don't make headlines. But they are what builds the real volume of crypto crime — not the $100 million DeFi hacks. And it is precisely this pattern that operations like HAECHI VI attack with increasing success rates. If you operate crypto and never fell for fraud, consider that privilege — not skill.

Three: Brazil needs to enter the HAECHI model actively, not passively. Receiving occasional cooperation requests is different from being part of the simultaneous operation circle. For this, it is necessary to invest in personnel qualified in blockchain analytics within the Federal Police, formal long-term partnership with Chainalysis or TRM Labs, and permanent liaison officer in Lyon (Interpol headquarters) focused on crypto crime. The costs are marginal. The benefits — in terms of effective fund recovery for Brazilian victims — are substantial.

What to monitor in the coming weeks: release of national reports on individual seizures linked to HAECHI VI, data on which specific wallets were frozen (usually published on sanctions lists after the cycle), and any indication from the Brazilian Ministry of Justice about participation in future editions. The next round — HAECHI VII — will likely begin in the second half of 2026.