Exploitation of displaced women for $4.75 million laundering through online betting and bots

A joint police operation between Spain and Ukraine has brought to light a criminal network that took advantage of the vulnerability of women displaced by war to implement a sophisticated scheme of money laundering through online betting. The researchers estimate that the illicit benefits amount to almost EUR 4.75 million, and that the structure combined human coercion with computer automation to whiten the funds.

According to the European authorities, the organization was established during the conflict and focused its recruitment on young women from areas that had been subjected to continued bombing or attacks. The recruitment cells financed the movement to Spain, where the victims were under rigid control. In a number of cases, they were accompanied to the official centres to process temporary protection and requested them to open bank accounts and credit cards, instruments which they then became virtually immediately controlled.

This information is contained in official communiqués issued by Europol and National Police Spanish, who also detail how fraud was implemented: "captured" accounts fed an automated operation that used bot-type programs to make thousands of simultaneous bets on online gambling platforms.

The method chosen was not to bet large sums at risk events, but to multiply low probability and low amount bets. This tactic seeks to reduce volatility and generate seemingly legitimate and sustained returns, easy to represent when it comes to surface audits as gambling revenues. To maximize the scope of the scheme, criminals resorted to stolen identities: researchers talk about more than 5,000 stolen identities of citizens of 17 nationalities.

The maneuver combined human and technical exploitation. On the one hand, there was coercion and direct management of the victims - the removal of cards, the control of communications and movements back to Ukraine after opening the accounts - and on the other there was a technological background: bots, communications infrastructure and hundreds of SIM cards that allowed for the operation of multiple accounts and the removal of basic controls of the betting platforms.

The joint investigation, which started in October 2023, culminated in the arrest of 12 persons and searches in several houses in the provinces of Alicante and Valencia. The effects involved include dozens of mobile phones, about 20 computers, 22 bots, four high-end vehicles and about 500 SIM cards. The authorities also ordered the embargo of 10 buildings valued at more than EUR 2 million and blocked accounts in 11 countries with balances exceeding EUR 470,000.

Beyond the economic impact, this case highlights an ethical and legal problem: the use of displaced populations as a mechanism for mocking financial and identity controls. People fleeing the conflict in search of protection - a process regulated at European level, for example by Directive on temporary protection of the EU - they are particularly susceptible to exploitation by networks that mix promises and pressures.

From a technological and regulatory perspective, the episode highlights gaps in the prevention chain: identity verification (KYC), detection of abnormal activity on game platforms and international coordination to freeze and repatriate assets. Schemes that abuse human profiles are often based on layers of automation: scripts that replicate bet patterns, massive account management with disposable phone numbers and use of stolen or falsified documentation. This combination makes it difficult to detect when the alert thresholds are set only in voluminous transactions or obvious patterns of fraud.

International bodies that analyse money laundering and new financial risks are warning about the increasing sophistication of these techniques. Institutions such as FATF / FATF They stress the need for more dynamic mechanisms that incorporate artificial intelligence and behaviour analysis to identify networks that fragment funds in small quantities or use third-party identities.

Cooperation between gambling platforms, banks and police forces is also crucial. The betting houses are required to monitor unusual patterns and report suspicious transactions, and banks must strengthen controls when they detect massive opening of accounts linked to newly issued documents or anomalous communication flows. At the human level, it is essential to improve the means of support and protection for refugees, so that they do not depend on intermediaries who can exploit them.

For those who work in technology, the lesson is clear: automation favours both defenders and attackers. The same resources to detect fraud - real-time analysis, correlation between thousands of events and risk models - can and should be put at the service of prevention and protection of the most vulnerable. The solution is not purely technical; it requires training human operators, sharing commitment indicators between companies and authorities, and developing legal frameworks that facilitate the freezing and recovery of illicit assets across borders.

This case - the public documentation of which can be consulted in the communiqués of Europol and National Police- is not an isolated anomaly, but an example of how social conflicts and technological gaps can be combined to create new forms of financial crime. Protecting victims and closing the doors of these groups requires a coordinated response between technology, regulators and social services.

If you want to look into the humanitarian situation that facilitates this type of exploitation, the refugee agencies keep up-to-date information, such as the Office of the United Nations High Commissioner for Refugees which provides a context for the protection and risks faced by displaced persons. In parallel, the reading of global reports on washing methods and trends in cybercrime, available on the website of the FATF it helps to understand why responses should integrate both technical and public policy measures.