Law Enforcement Shuts Down Encrochat, Leading to Nearly 750 Arrests
Europol, the UK’s National Crime Agency (NCA), and law enforcement agencies from France, Sweden, Norway, and the Netherlands have officially announced the takedown of Encrochat, an encrypted communication platform used by over 60,000 criminals worldwide.
How Encrochat Worked
According to an archived version of the company’s website, Encrochat phones promised users complete anonymity. Devices and SIM cards were not linked to user accounts and were sold in a way that made them untraceable. The phones were physically modified to remove the camera, microphone, GPS module, and USB port, ensuring maximum privacy. The encrypted interface was hidden, and confidentiality was guaranteed.
Encrochat devices came with two operating systems: a standard Android for everyday use and a secret Encrochat system for encrypted chats. According to Vice Motherboard, the phones were based on modified BQ Aquaris X2 Android smartphones, released in 2018 by a Spanish electronics company.
Encrochat operators installed their own encrypted messaging and VoIP apps, routing all traffic through company servers. The phones also featured a quick-wipe function, allowing users to erase all data with a special PIN code. Devices were sold on a subscription basis, with a six-month contract costing around £1,500. Although the website listed resellers in Amsterdam, Rotterdam, Madrid, and Dubai, the company operated very discreetly.
Someone controlling Encrochat’s email told Vice Motherboard that the company was a legitimate business with clients in 140 countries, offering secure mobile communication services. However, law enforcement claims that 90% of Encrochat’s users were criminals, with about 10,000 users in the UK alone.
Buying an Encrochat device was not easy. A former user, now serving a prison sentence, told Vice Motherboard he bought his phone from a store owner in a back alley, describing the transaction as “looking like a drug deal.”
Infiltrating Encrochat
The joint operation, codenamed Venetic, is one of the largest in history, resulting in 746 arrests, the seizure of £54 million ($67.4 million) in cash, 77 firearms (including automatic weapons, pistols, four grenades, and over 1,800 rounds of ammunition), 55 luxury cars, and more than two tons of drugs.
While French authorities declined to share details, Dutch officials reported shutting down 19 synthetic drug labs, arresting over 100 suspects, seizing more than 8,000 kg of cocaine, 1,200 kg of methamphetamine, dozens of firearms, luxury cars (some with hidden compartments), watches, and nearly €20 million ($22.5 million) in cash.
The investigation began in France in 2017 under the codename Emma 95, later spreading to the Netherlands (Lamont), and eventually involving the UK, Sweden, and Norway. Investigators found a way to hack Encrochat without breaking its encryption: French law enforcement infiltrated the network and installed malware on Encrochat devices, which allowed investigators to read messages before they were sent. European police reviewed “over 100 million encrypted messages,” witnessing drug deals, murder plots, and money laundering in real time.
According to Dutch authorities, “These messages provided unprecedented insight into serious crimes, including large-scale international drug shipments, locations of drug labs, murders, robberies, extortion, violent assaults, and hostage-takings. International drug and money laundering routes became completely transparent.” Andy Kraag, head of the Dutch National Criminal Investigation Department, added, “What usually only happens in police thrillers was happening before our eyes—we were reading messages that gave us a glimpse into the daily life of the criminal underworld.”
Panic in the Criminal World
In May 2020, some Encrochat users noticed that the wipe function on their phones was not working. An anonymous Encrochat employee told Vice Motherboard that they initially thought users had forgotten their PINs or misconfigured the feature. The following month, Encrochat traced one of these malfunctioning X2 devices and discovered malware specifically designed for that model. The malware not only disabled the wipe function but also hid itself, recorded lock screen passwords, and cloned app data.
Realizing they were under attack, Encrochat released an update to restore functionality and gather information about the malware. However, the attackers quickly struck again, this time enabling the malware to change the lock screen password. Encrochat operators began to panic, sending messages to users about the ongoing attack and notifying their SIM card provider, Dutch telecom company KPN. KPN briefly blocked the malware’s connections with a firewall, but soon removed it, likely due to cooperation with authorities.
Encrochat decided to shut down all operations: “We have decided to immediately disable all SIM cards and the network,” an employee said. The company realized it was facing a government operation, not a rival firm. On June 13, 2020, Encrochat sent a message to all users: “Today, our domain was illegally seized by government entities. They used our domain to launch an attack. Due to the complexity of the attack and the malware, we can no longer guarantee the security of your device. We advise you to immediately power off and physically destroy your device.”
After this message, many users panicked. Screenshots obtained by Vice Motherboard show users trying to determine if their specific phone models were affected. But it was too late—European law enforcement had already extracted vast amounts of data from Encrochat devices worldwide, exposing massive drug empires and criminal syndicates through text messages and photos. Police had everything: photos of huge stacks of drugs on scales, kilogram bricks of cocaine, bags stuffed with ecstasy, messages about planned deals and shipments, and even family photos and personal discussions.
Law enforcement quickly moved in, seizing shipments, raiding drug dealers, and making mass arrests. Encrochat was the common link. According to sources close to Encrochat users, the criminal world was thrown into chaos, having lost a primary means of communication. Many Encrochat clients tried to flee across borders to avoid arrest, and bulk drug purchases became much more difficult.
Not the First Case
The takedown of Encrochat and the arrests of its users are not unprecedented. In 2018, the CEO of Phantom Secure, a company making “unhackable” phones for criminals, was arrested. Phantom Secure hosted its servers in Panama and Hong Kong, using virtual proxies to hide their locations and offering remote data wiping for seized devices. Subscriptions cost $2,000–$3,000 for six months, with payments in digital currencies like Bitcoin to protect client anonymity. Devices were modified for maximum privacy and encryption, with features tailored to criminal needs.
Phantom Secure phones were popular among criminals, including top members of the Sinaloa cartel in Mexico. Another company, MPC, was created and run by a Scottish organized crime group involved in drug trafficking.
Vice Motherboard notes that competition in this market is fierce. Companies spread rumors about each other’s device security, upload videos to YouTube discrediting rivals, and even block competitors’ domains, as Encrochat once did. Other secure communication providers are now trying to fill the gap left by Encrochat’s disappearance. For example, Omerta is targeting former Encrochat clients with ads like, “Encrochat is hacked, users exposed and arrested. THE KING IS DEAD! Did you miraculously survive the recent ‘mass extinction’? Celebrate with a 10% discount. Join the Omerta family and communicate with impunity.” Omerta representatives confirmed to journalists that they have seen a recent increase in traffic.