The U.S. Department of Justice (DOJ) has arrested Yune Wang, 35, a People’s Republic of China national and St. Kitts and Nevis citizen-by-investment, for his alleged role in a botnet scam "used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations."

According to the May 29 indictment, Wang allegedly "created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide" that affected over 19 million IP addresses through the 911 S5 botnet between 2014 and 202. The defendant then proceeded to sell hijacked IP addresses to cybercriminals for cryptocurrencies with victims in more than "200 countries and facilitated a whole host of computer-enabled crimes, including financial frauds, identity theft, and child exploitation."

A separate analysis by blockchain analytics firm Chainlysis demonstrates that wallet addresses associated with Wang together held more than $130 million in digital assets earned through illicit commissions. Researchers at Chainalysis wrote: 

"The 911 S5 botnet was able to provide these services by distributing deceptive free VPN services to victims, which purported to give users enhanced privacy while browsing the web. In reality, 911 S5 used backdoors in its code to illegally hijack the IP addresses of millions of victims around the world. This enabled the 911 S5 administrators to make millions of dollars per year with a subscription-based service allowing cybercriminals to use victims’ IP addresses."

Meanwhile, law enforcement officials at the DOJ added:

"911 S5 customers allegedly targeted certain pandemic relief programs. For example, the United States estimates that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion."

23 domains over 70 servers constituting the backbone of Wang's operations were seized in a joint collaboration between law enforcement officials of United States, Singapore, Thailand, and Germany. Police say that they were also able to seize $30 million in assets linked to 911 S5.

Last month, Cointelegraph reported that China has an alleged Trojan Horse in US Bitcoin mining infrastructure through locally manufactured application-specific integrated circuit mining rigs. Expert says the rigs enable Chinese intelligence agencies to conduct cyber-espionage, potentially targeting sensitive military installations, power grids, or communication networks.

Related: 3AC’s $700M Worldcoin windfall, China vs the crypto spies: Asia Express