How DOJ cases leverage MLATs and partner agencies to pursue fugitives and recover assets beyond U.S. borders.
WASHINGTON, DC, April 17, 2026
The Department of Justice’s modern crypto docket is no longer a purely domestic story, because some of the most important digital-asset prosecutions now depend on foreign arrests, overseas evidence gathering, synchronized infrastructure takedowns, and asset restraints executed well outside American territory.
That change matters because the government’s most persuasive victories in crypto cases increasingly come from showing that blockchain movement may be global and instantaneous, while the enforcement response can also be multinational, methodical, and capable of following suspects, servers, and proceeds across borders with surprising persistence.
The institutional backbone for that work is the department’s Office of International Affairs, which coordinates extraditions, mutual legal assistance, and overseas evidence requests, while Legal Attaché offices, Europol channels, and foreign prosecutors provide the local authority needed to turn American indictments into real-world arrests and recoveries.
The international phase now starts early in major crypto cases.
In older crypto investigations, the public story often began only after an indictment was unsealed in the United States, but the current pattern shows that foreign preservation requests, parallel tracing, and treaty-based cooperation often start well before a defendant ever appears in an American courtroom.
That earlier international posture is important because it allows prosecutors to move before proceeds have fully dispersed, before infrastructure disappears, and before suspects settle into the mistaken belief that a friendly passport or a faraway residence places them beyond the effective reach of U.S. law.
The result is a legal environment in which the smartest federal crypto cases no longer wait for a suspect to wander into an airport with a bad travel document, because they increasingly blend diplomacy, treaty practice, technical tracing, and local partner capacity from the opening stages of the investigation.
Garantex showed how DOJ now treats an exchange as international criminal infrastructure.
The March 2025 action against Garantex remains the clearest recent example, because the DOJ did not simply accuse the Russia-linked exchange of laundering criminal proceeds and violating sanctions, but announced a coordinated action with Germany and Finland to disrupt the online infrastructure that kept the platform running.
In the department’s account, the investigation relied on the FBI, the Secret Service, the National Security Division, the Office of International Affairs, and critical cooperation from the German Federal Criminal Police Office, the Frankfurt General Prosecutor’s Office, the Dutch National Police, Europol, the Finnish National Bureau of Investigation, and the Estonian National Criminal Police.
That institutional list matters because it shows what a true cross-border crypto crackdown looks like in practice, with American prosecutors contributing charges and seizure warrants while foreign agencies supply local execution power, evidentiary access, and the operational reach needed to hit servers, domains, and financial infrastructure on their own soil.
Reuters captured the same international dimension when it reported on the Garantex takedown and the coordinated move by the United States, Germany, and Finland, reinforcing the DOJ’s message that foreign exchange operators must understand that distance no longer guarantees operational safety.
Extradition is becoming a central feature of crypto accountability rather than a rare exception.
The Terraform case made that plain when Do Kwon was extradited from Montenegro to the United States at the end of 2024, after a long and politically watched struggle over where he would ultimately face the most consequential criminal exposure.
When Kwon later pleaded guilty in August 2025, DOJ praised not only the FBI’s Virtual Assets Unit and International Operations Division but also the Ministry of Justice of Montenegro, the Ministry of Interior of Montenegro, the Montenegro Supreme State Prosecutor’s Office, the Montenegro Special State Prosecutor’s Office, and the Office of International Affairs for securing the extradition.
That case matters beyond its headline value because it demonstrates that the department is willing to stay patient through lengthy foreign proceedings when the underlying crypto case is important enough, and because it shows how a fugitive’s travel status can become a pressure point that eventually opens the door to U.S. jurisdiction.
A similar pattern appeared in the Gotbit prosecution, where DOJ said Russian national Aleksei Andriunin was arrested in Portugal in October 2024 and extradited to the United States in February 2025, with the FBI Legal Attaché office in Madrid, Portugal’s Polícia Judiciária ENFAST team, and the Office of International Affairs all assisting the process.
By March 2026, DOJ was using the same playbook in a broader market-manipulation case from Northern California, where defendants were arrested in Singapore and then extradited after coordination among the FBI’s Law Enforcement Attaché office in Singapore, the Singapore Police Force, the Attorney General’s Chambers, and the Office of International Affairs.
Ransomware files reveal how crypto extortion inquiries became treaty-heavy international cases.
The October 2025 extradition of alleged Conti conspirator Oleksii Lytvynenko from Ireland illustrates the same structural shift: the DOJ said Irish police arrested him at the request of the United States, and Irish extradition proceedings later delivered him to federal court in Tennessee to face allegations tied to cryptocurrency ransom payments.
That case is especially revealing because the underlying facts were already international before the extradition began, with Conti attacks affecting more than one thousand victims worldwide, reaching roughly forty-seven states, the District of Columbia, Puerto Rico, and approximately thirty-one foreign countries.
The point for the crypto arena is that once ransomware proceeds are paid in digital assets and routed through distributed wallets, exchanges, or laundering services, the enforcement response stops being a single-district computer crime matter and starts looking like a multinational financial crime inquiry with several governments gathering different pieces of the same puzzle.
The February 2025 Phobos disruption made that even clearer, because DOJ paired U.S. charges with arrests, a technical infrastructure takedown, and acknowledged coordination with partners in the United Kingdom, Germany, Japan, Spain, Belgium, Poland, the Czech Republic, France, Thailand, Finland, Switzerland, Romania, and Europol.
Mutual legal assistance remains one of the quiet engines behind cross-border crypto recovery.
Although extradition receives most of the headlines, some of the most instructive crypto cases involve asset restraint or evidence production accomplished through formal treaty channels long before a defendant is physically returned to the United States.
One unusually explicit example came in February 2025, when prosecutors said Canadian businessman Firoz Patel attempted to hide 450 Bitcoin tied to Payza’s illicit proceeds, but the department restrained the cryptocurrency through a Mutual Legal Assistance Treaty request to the United Kingdom during the investigation.
That detail is important because it shows how cross-border cooperation in crypto cases is often less cinematic than an airport arrest, yet potentially just as decisive, since a timely treaty request can stop a defendant from regaining control over digital assets that might otherwise vanish through another exchange or another jurisdiction.
An even cleaner treaty illustration appeared in the long-running Brazilian Operation Egypto matter, where DOJ said in 2020 that it seized virtual currency worth about $24 million on behalf of the Brazilian government pursuant to an official request under the U.S.-Brazil mutual legal assistance treaty.
That case still matters in 2026 because it demonstrates a form of reverse optics that the industry does not always appreciate, with the United States acting not only as the requesting state in crypto matters, but also as the jurisdiction asked to help preserve virtual assets for foreign proceedings and eventual compensation of foreign victims.
Asset recovery now travels on the same international rails as the prosecution itself.
The Estonian HashFlare case is one of the best modern examples, because when Sergei Potapenko and Ivan Turõgin pleaded guilty in February 2025, they agreed to forfeit more than $400 million in assets, and DOJ specifically thanked the Estonian Police and Border Guard, the Estonian Prosecutor General, the Estonian Ministry of Justice and Digital Affairs, and the Office of International Affairs for assistance with both the investigation and the extradition.
That combination is important because it shows the contemporary sequence in major crypto fraud cases, where a foreign arrest does not end the international phase, but instead opens a second stage involving forfeiture coordination, victim identification, and remission planning that can be just as complex as the original apprehension effort.
North Korea-related cases reinforce the same lesson from a different angle, because the DOJ has increasingly described multi-country revenue schemes involving remote IT workers, overseas virtual currency platforms, and laundering paths running through places like China, Russia, and Ukraine before frozen assets are finally brought under U.S. control.
When the department announced in November 2025 that it had filed forfeiture actions against more than $15 million in virtual currency stolen and laundered by North Korean actors, it effectively demonstrated that cross-border tracing, sanctions enforcement, and eventual return to rightful owners now function as a single integrated pipeline rather than separate bureaucratic projects.
Partner agencies are no longer supporting characters in these cases, because they often decide whether the case becomes real.
That is the biggest practical lesson running through the recent docket, because an indictment drafted in Virginia, New York, Tennessee, Massachusetts, or California does not by itself seize a foreign server, arrest a suspect in Singapore, freeze Bitcoin in the United Kingdom, or carry a fugitive out of Montenegro or Portugal.
Those outcomes happen only when foreign police, foreign prosecutors, local ministries, regional bodies like Europol, FBI legal attachés, and DOJ’s treaty specialists align around a common plan and move quickly enough to preserve evidence before suspects exploit the next chain bridge, wallet cluster, or permissive exchange.
For exchanges, custodians, market-makers, and offshore service providers, that should be the real warning embedded in DOJ’s recent crypto work, because the international network surrounding a case can be wider and faster than internal legal teams often assume when they first review a subpoena, forfeiture order, or sealed seizure warrant.
It also means that companies facing a serious cross-border digital-asset investigation have to think beyond ordinary domestic litigation strategy, because the practical risks can include parallel foreign process, cross-border production demands, coordinated arrests, asset holds in multiple countries, and sudden travel exposure for executives or beneficial owners.
Businesses and individuals assessing such jurisdictional pressure often review Amicus International Consulting and its cross-border extradition analysis to understand how a cyber or crypto investigation can widen from a compliance problem into a mobility, enforcement, and asset-preservation crisis.
The broader message is that crypto fugitives and overseas proceeds are now being pursued through a mature international system.
The Justice Department’s recent crypto cases show that the age of assuming blockchain crimes can be safely fragmented across borders is fading, because prosecutors increasingly know which foreign doors to knock on, which treaty tools to use, and which partner agencies can convert technical leads into physical control.
That does not mean every fugitive will be returned quickly or every stolen asset recovered completely, but it does mean the government’s cross-border playbook is now far more sophisticated than the market sometimes assumes, especially in cases involving exchange infrastructure, ransomware, sanctions evasion, investor fraud, or large-scale laundering.
The bottom line is that DOJ’s international crypto crackdowns are no longer defined by isolated indictments with uncertain follow-through, because the modern pattern is extradition plus forfeiture, treaty requests plus blockchain tracing, and American charges backed by foreign police and prosecutors who increasingly treat digital-asset crime as a shared enforcement problem.




