On December 3rd, 2024, Europol announced that a joint investigation between French and Dutch law enforcement authorities had successfully dismantled an encrypted messaging service used by criminals. The platform, known as MATRIX, had been facilitating various serious crimes, including international drug trafficking, arms trafficking, and money laundering.
The operation, which was coordinated by law enforcement across several European countries, resulted in the seizure of over 40 servers, the arrest of multiple suspects, and the interception of millions of criminal messages. The investigation was a major step forward in combating the use of encrypted platforms for illegal activities.
MATRIX: A Sophisticated Criminal Platform
MATRIX, a messaging platform made by criminals for criminals, was first discovered on the phone of a convicted criminal involved in the 2021 murder of Dutch investigative journalist Peter R. de Vries. The journalist had gained fame for his work covering unsolved crimes. This discovery led Dutch authorities to initiate an extensive investigation into the platform, which was found to be more complex and sophisticated than other similar platforms such as Sky ECC and EncroChat.
Unlike many encrypted communication services, MATRIX requires users to be invited in order to join the platform. It offered a range of encrypted features, including secure messaging, voice and video calls, and even anonymous web browsing. MATRIX also had its own currency system for users to pay for subscriptions, and its platform was primarily used on Google Pixel phones. This level of sophistication and exclusivity made it a popular choice among criminals.
The Role of International Cooperation
The dismantling of MATRIX highlights the importance of international cooperation in the fight against organized crime. Authorities from France, the Netherlands, Germany, Italy, Lithuania, and Spain worked together as part of a joint investigation team (JIT) coordinated through Eurojust. This cross-border collaboration allowed law enforcement agencies to exchange vital information and swiftly take coordinated action.
For three months, investigators monitored activity on the platform, deciphering over 2.3 million messages in 33 different languages. The intercepted communications provided valuable intelligence, linking MATRIX users to various criminal activities. These included international drug smuggling, arms deals, and large-scale money laundering schemes.
On December 3rd, the operation led to the takedown of the platform’s servers located across France and Germany. Additionally, authorities conducted raids in multiple countries, arresting three individuals. One suspect, identified as the suspected owner and operator of MATRIX, a 52-year-old Lithuanian national, was apprehended in Spain. He had been working closely with a 30-year-old man from the Netherlands to run the platform.
Significant Seizures and Evidence
During the raids, police seized €145,000 ($152,000) in cash and approximately €500,000 ($527,000) in cryptocurrencies. Authorities also confiscated four vehicles, more than 970 mobile phones, and other equipment. The evidence collected during the operation will be crucial in ongoing investigations into the criminals who used MATRIX to facilitate illegal activities.
In addition to the physical evidence, the seizure of the platform’s servers provided law enforcement with a significant opportunity to collect data related to the communications and transactions conducted via MATRIX. A splash page now appears on the platform’s website, alerting users that their messages were intercepted by authorities. The page includes a warning: “It’s not the first time and will not be the last time we are able to read the messages in real time.”
Law Enforcement Involved
The dismantling of MATRIX involved the coordinated efforts of several European law enforcement agencies, including:
- France: JUNALCO National Jurisdiction against Organised Crime; OFAC National Police Cybercrime Division
- Netherlands: Team High Tech Crime of the National Investigations; Special Operations (NIS) of the Netherlands Police; Netherlands Public Prosecution Service
- Germany: Frankfurt am Main Public Prosecutor General’s Office – ZIT; German Federal Criminal Police, Serious and Organised Crime Division
- Italy: National Antimafia Directorate (D.N.A.); Central Directorate for Anti-Drug Services (D.C.S.A.)
- Lithuania: Prosecutor General’s Office; Lithuanian Criminal Police Bureau
- Spain: Central Investigative Court 1 and 5 of Audiencia Nacional; Spanish National Police
The operation was also supported by Europol’s Operational Task Force, which was established to monitor criminal activity on encrypted platforms like MATRIX. The task force played a crucial role in providing technical and operational support during the investigation.
An Evolving Cybersecurity Landscape
The takedown of MATRIX adds to a growing list of encrypted criminal communication platforms that have been disrupted in recent years. Prior to MATRIX, law enforcement successfully dismantled Sky ECC and EncroChat, two other popular platforms used by cybercriminals. These operations have demonstrated the ability of law enforcement agencies to infiltrate and shut down encrypted communication services that criminals rely on to carry out illegal activities.
However, as criminals adapt to the disruption of their communication tools, law enforcement faces an increasingly fragmented landscape. Criminals have turned to less-established or custom-built encrypted platforms, which offer varying levels of security and anonymity. Despite this challenge, the successful takedown of MATRIX sends a strong message that authorities are constantly evolving their tactics to stay ahead of cybercriminals.
