A multinational investigation has exposed a Ukrainian phone scam network that operated high-tech “boiler room” call centers in Bali and laundered illicit proceeds through luxury assets in Monte Carlo. The organization, which included key figures such as Ermolaev, targeted international victims through sophisticated financial fraud and social engineering schemes, according to reports on the group’s internal collapse and subsequent legal scrutiny.
The network functioned as a dual-node operation, separating the technical execution of scams from the financial enjoyment of the profits. While the operational hubs were based in Indonesia, the leadership maintained a high-profile presence in Monaco to integrate their wealth into the legal economy. This structure allowed the group to exploit the regulatory gaps between Southeast Asian jurisdictions and European financial centers.
Law enforcement agencies have identified the group’s methodology as a variant of the “boiler room” scam, where operators use high-pressure tactics to sell non-existent investments or fake financial products. These operations often overlap with “pig butchering” schemes, which involve building long-term trust with victims before inducing them to invest in fraudulent cryptocurrency platforms, a trend that Interpol has identified as a growing global threat.
How did the Ukrainian scam network operate between Bali and Monte Carlo?
The group established a strategic divide between its “production” and “consumption” phases. In Bali, the network rented villas and office spaces to house dozens of Ukrainian nationals who acted as the frontline scammers. These operators used VOIP technology to spoof phone numbers, making calls appear as though they were originating from reputable financial institutions in the UK, US, or EU.
Once victims transferred funds—typically in cryptocurrency to avoid immediate bank detection—the money was moved through a series of “money mules” and shell companies. The final destination for the laundered funds was often the French Riviera. In Monte Carlo, the group’s leadership, including Ermolaev, invested in luxury real estate, high-end vehicles, and gambling to blend in with the region’s affluent population.
This geographical separation served two purposes. First, it placed the low-level workers in a jurisdiction where local authorities were historically slower to react to foreign-targeted cybercrime. Second, it allowed the architects of the scheme to enjoy their wealth in a global tax haven, complicating the efforts of European investigators to freeze assets in real-time.
What led to the internal collapse of the “clan”?
The stability of the network eroded due to internal disputes over the distribution of profits and the increasing risk of exposure. Reports indicate a “settling of accounts” within the group, where trust between the Bali-based operators and the Monte Carlo-based leadership dissolved. These conflicts often manifest in cybercrime rings when the scale of the fraud becomes so large that the risk of a coordinated international crackdown outweighs the benefits of cooperation.

The friction was exacerbated by the lavish lifestyles of the leaders in Monaco, which created resentment among the operators working in the tropical heat of Bali. When internal betrayals occurred, members of the organization began leaking information to authorities or attempting to blackmail their associates, leading to a cascade of legal vulnerabilities.
This internal volatility is common in transnational organized crime. According to the European Union Agency for Law Enforcement Cooperation (Europol), cybercrime groups often fracture when the “profit-to-risk” ratio shifts, or when key members attempt to exit the organization with a disproportionate share of the laundered assets.
Who are the primary victims of these phone scams?
The network targeted affluent individuals across Europe and North America, specifically those with a documented interest in high-yield investments or cryptocurrency. By using leaked databases of “leads,” the scammers could tailor their pitches to the victim’s specific financial background, increasing the success rate of the fraud.
Victims typically reported a similar pattern: an initial contact from a “senior investment consultant” who provided fake documentation and simulated trading platforms. These platforms showed fictitious gains to encourage the victim to invest larger sums. When the victims attempted to withdraw their money, the scammers demanded “taxes” or “release fees,” continuing the extortion until the victim realized the fraud or their funds were depleted.
The financial impact of such networks is substantial. While the exact total stolen by the Ermolaev-linked group remains under official audit, similar boiler room operations have been known to defraud victims of millions of dollars in a single campaign. The use of cryptocurrency has made the recovery of these funds nearly impossible for the average victim without the assistance of specialized blockchain forensics.
What happens next in the legal pursuit of the network?
The investigation into the Ukrainian network is now focused on the recovery of assets and the extradition of key suspects. Authorities in Italy and France are coordinating with Indonesian police to dismantle the remaining infrastructure in Bali. The primary legal challenge remains the “layering” phase of their money laundering, where funds were bounced through multiple jurisdictions to obscure the audit trail.

Prosecutors are expected to leverage the internal conflicts of the group, offering leniency to lower-level operators in exchange for testimony against the leadership. This strategy is a standard approach in dismantling “cell-based” criminal organizations where the top tier remains insulated from the daily operations.
The case highlights the necessity of the Interpol Red Notice system in tracking fugitives who move frequently between luxury hubs and operational bases. The focus remains on identifying all shell companies used to purchase the Monte Carlo assets to ensure the illicit gains are seized and potentially returned to the victims.
The next confirmed checkpoint in this case involves the processing of financial records seized from the group’s European accounts, which will determine the full scale of the fraud and the number of worldwide victims. Further updates are expected as the judicial cooperation between the EU and Indonesia progresses.
Share this report to help others recognize the signs of boiler room scams. We welcome your comments and insights on the rise of transnational cybercrime in the section below.