Law Enforcement Shuts Down Matrix Encrypted Messaging Platform

As a result of the international operation “Passionflower,” law enforcement agencies have shut down the Matrix encrypted messaging platform. Authorities claim they actually took control of the service at the beginning of 2024 and monitored criminal communications for three months before making the shutdown public.

It is important to note that the Matrix platform taken down by law enforcement has no connection to the open-source, decentralized data transmission protocol of the same name (matrix.org).

Details of Operation Passionflower

The operation was coordinated by Europol and Eurojust, with participation from law enforcement agencies in several European countries, including France, the Netherlands, Italy, Lithuania, Spain, and Germany.

The investigation into Matrix began after police examined the phone of a suspect involved in the July 2021 attempted assassination of Dutch investigative journalist Peter R. de Vries, who reported on organized crime. De Vries died in the hospital nine days after the attack. Authorities discovered that the suspect’s device had been modified and was connected to the Matrix service, which was designed for encrypted communications.

Investigators from Dutch and French law enforcement agencies were able to track and intercept 2.3 million messages in 33 languages sent through Matrix devices. No technical details have been disclosed about how this interception was accomplished.

According to Europol’s official statement, “For three months, authorities were able to monitor messages from suspected criminals, which will now be used in further investigations. In a coordinated operation supported by Eurojust and Europol, the messaging service was dismantled by Dutch and French authorities, with subsequent actions taken by their Italian, Lithuanian, and Spanish counterparts.”

Matrix Platform Features and Clientele

Investigators report that more than 40 Matrix servers across Europe supported 8,000 user accounts. The platform offered its own Matrix OS, encrypted voice and video calls, secure messaging apps, anonymous internet access, transaction tracking, a gambling app, and its own currency for subscription payments.

Users paid between €1,350 and €1,700 in cryptocurrency for modified Google Pixel devices pre-installed with Matrix, as well as a six-month subscription to the service.

Matrix was also sold under other names, including Mactrix, Totalsec, X-quantum, and Q-safe, but all these services used the same infrastructure. Europol noted that Matrix’s infrastructure was technically more advanced than previously dismantled platforms like Sky ECC and EncroChat. Access to the service was by invitation only.

Raids, Arrests, and Seizures

This week, law enforcement conducted simultaneous raids and searches in dozens of countries, disabling 40 Matrix servers in France and Germany. Five suspects were arrested in Spain and France. One of those detained, a 52-year-old Lithuanian man whose name has not been disclosed, is believed to be the owner and main operator of Matrix.

During the raids, authorities seized 970 secure phones, €145,000 in cash, €500,000 in cryptocurrency, and four vehicles.

The Matrix website now displays a notice warning users that their communications have been exposed and that they may soon become subjects of criminal investigations.

Advice for Innocent Users

Dutch police have advised that Matrix users who chose the service for privacy and anonymity, but were not involved in criminal activity, should contact law enforcement at [email protected] to request exclusion from the investigation.

Context: Ongoing Crackdown on Encrypted Criminal Platforms

The takedown of Matrix continues a series of shutdowns of similar services, which have primarily served organized crime groups involved in drug trafficking and money laundering. In recent years, law enforcement has dismantled platforms such as Encrochat, Sky ECC, Phantom Secure, Anom, and Ghost.

Evidence obtained from these platforms—either through intercepted messages or confiscated servers—has led to the arrests of thousands of drug traffickers, arms dealers, organized criminals, murderers, and individuals involved in money laundering.