Law Enforcement Authorities Have Seized the ‘DoubleVPN’ Service

Last updated July 31, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

‘DoubleVPN’ has had its web domains and server infrastructure seized by law enforcement and judicial authorities in Europe, Canada, and the US, after the service failed to comply with key information sharing requests. More specifically, the authorities had reasons to believe that hackers and threat actors were using DoubleVPN to conceal their malicious activities and also their IP addresses. After requesting all user logs from DoubleVPN and receiving no answer, the only option left was to seize the service and all of the data it held.

Source: Europol

Interestingly, even though DoubleVPN claimed not to keep any user data or logs that could help to identify customers, the authorities now mention the existence of personal information, logs, and statistics on the seized servers. As the seizure notice points out, DoubleVPN’s promise to protect the anonymity of its users was fake. This means the hackers who trusted the service to stay hidden from investigators may soon be identified, located, and arrested.

DoubleVPN was promoted aggressively as the ultimate VPN service on various underground forums. It offered double VPN protection, hence the name, and even options for three or up to four layers of internet traffic encryption. The cost for using the service started from $25, so it was a solid choice for phishing, ransomware, malware, and adware actors.

Taking down the service wasn’t as simple as visiting its offices and arresting the employees. This was an illegal service that didn’t have a registered presence, so an investigation had to be carried out. After 30 coordination meetings and four workshops, the takedown operation that spanned across nine countries took place.

Wieteke Koorn of the Dutch Public Prosecutor’s office stated:

This criminal investigation concerns perpetrators who think they can remain anonymous while facilitating large-scale cybercrime operations. By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kinds of criminals. Their criminal acts damage the digitalized society and erode the trust of citizens and companies in digital technologies, therefore their behavior has to be stopped.

This development will undoubtedly cause a notable interruption in several malicious operations, but it’s not that cyber-criminals don’t have other VPN service choices. The statement about the existence of user data logs is the most interesting in this case, so we will wait to see if it holds true and if any users will now fall into the hands of the police.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: