Massive €188 Million Hawala and Money Laundering Ring Exposed by EPPO Across EU

hawala money laundering vat fraud eppo financial crime

This image is AI-generated.

A vast criminal enterprise spanning multiple European countries and Turkey has exposed the growing convergence between tax evasion, cross-border fraud, and money laundering through unregulated networks. The investigation, codenamed Goliath, revealed a complex carousel VAT fraud scheme that generated illicit profits exceeding €188 million between 2019 and 2023. What began as a series of fraudulent invoices evolved into a fully fledged transnational laundering system blending traditional Hawala transactions with modern cryptocurrency tools.

The Goliath Investigation and Origins of this Massive Fraud

At the center of this operation were five suspects—three Danish and two Turkish nationals—accused of constructing and running a network of shell companies designed to evade value-added tax obligations. The two principal organizers had prior convictions for tax evasion linked to the earlier Swedish attack scheme. Having refined their methods, they replicated the same model at a much larger scale, extending operations across Germany, France, Hungary, and Sweden while coordinating logistics from Istanbul.

The group’s business front centered on trading popular electronic goods, particularly high-demand items like AirPods, which offered easy resale and compact transport. The simplicity of the product choice masked the sophistication of the underlying scheme. Each fake transaction created a paper trail showing legitimate cross-border movement of goods, allowing the perpetrators to claim input VAT that was never paid. By cycling goods through multiple entities—so-called “missing traders”—the fraudsters secured false tax refunds from national authorities.

VAT carousel schemes have long been among the costliest frauds affecting the European Union. Despite numerous directives aimed at harmonizing tax collection and tightening intra-community trade reporting, such networks continue to exploit regulatory gaps between Member States. The Goliath network demonstrated that even as digital reporting requirements strengthen, criminals adapt by diversifying payment routes and integrating informal value transfer systems.

By 2021, the network had constructed several corporate layers supported by falsified documentation and nominee directors recruited from Eastern Europe. The structure’s design ensured that no single country’s tax authority could view the complete chain. The result was a fragmented compliance picture where each jurisdiction saw only one piece of a broader carousel, delaying detection.

Hawala Laundering Networks and Cryptocurrency Integration

Investigators uncovered that the network relied heavily on the centuries-old Hawala system to obscure the origin and destination of its funds. Hawala, based on trust between brokers known as hawaladars, operates outside formal banking infrastructure and leaves little documentary trace. This informal mechanism, while commonly used for legitimate remittances, provided the perfect cover for money derived from tax evasion.

The Goliath defendants allegedly used their controlled firms to settle invoices with counterparties in Turkey, the Middle East, and North Africa. Transactions were offset between regions, creating balance sheets that appeared commercially sound but were actually clearing criminal proceeds. In Germany, authorities identified connections to a Hawala network in North-Rhine-Westphalia known for channeling undeclared money between Europe and the Middle East.

To reinforce their concealment, the network created a blockchain company that handled virtual asset purchases using the same illicit capital. The transition into cryptocurrency represented a deliberate attempt to modernize their laundering infrastructure. Once the funds were converted into digital assets, the movement of value became virtually invisible to traditional banking surveillance. The coins were layered through small-scale transfers and sent to wallets linked to consulting firms or intermediary entities, most of which existed only on paper.

Investigators found evidence of fake consulting firms in Istanbul that issued invoices to justify fund movements back to Turkey. These invoices bore all the hallmarks of professional corporate activity—logos, contracts, and digital signatures—but lacked real operational history. Such shell consultancies acted as bridges between fiat and crypto transactions, further complicating recovery efforts.

The convergence of old-world Hawala and new-age cryptocurrency demonstrated how financial criminals increasingly rely on hybrid laundering systems. While banks have tightened onboarding procedures and monitoring, alternative channels remain far less regulated. These methods exploit trust-based systems where neither end of the transaction requires formal recordkeeping. As a result, large sums can circulate without attracting attention, eroding the effectiveness of anti-money laundering frameworks built around traceable financial flows.

Corporate Fronts and False Identities

The Goliath network’s corporate design was as intricate as its financial routing. To sustain continuous VAT refund claims, the group needed multiple legal entities across several jurisdictions. They registered companies in Germany, France, Hungary, and Sweden, each serving a specific function—some acting as buyers, others as intermediaries, and others as exporters.

Straw directors were recruited from Poland and Lithuania, often individuals of limited means who agreed to lend their names for modest compensation. Forged passports and counterfeit corporate documents allowed these nominees to appear legitimate during bank onboarding. One notary, unaware of the larger conspiracy, authenticated documents that enabled the criminals to open numerous bank accounts. Each account became a node in the laundering web, facilitating fast transfers that mimicked real trade activity.

A particularly striking example involved a Danish suspect who used his Irish pub to simulate deliveries of electronics. Fake purchase orders and receipts indicated a legitimate supply chain, masking the absence of real goods. The blending of genuine business operations with falsified trade made it difficult for auditors to distinguish legitimate transactions from fraudulent ones.

Central command operated from Istanbul, where one of the main defendants oversaw both logistics and fund movements. The location was strategic: Turkey’s financial system maintains strong trade links with the EU but operates outside its jurisdictional reach, giving the perpetrators an additional layer of insulation. Through Istanbul, the network connected European VAT refund claims to offshore laundering operations in the Middle East.

This combination of geographic dispersion and legal fragmentation remains one of the greatest challenges for financial crime enforcement. Each jurisdiction involved had only partial oversight. France saw export invoices, Germany processed refunds, Turkey handled settlements, and Hungary recorded intermediary sales. No authority alone could recognize the full scope until EPPO consolidated the case.

Legal Ramifications and Enforcement Outlook

The five defendants now face prosecution for aggravated tax fraud, money laundering, and participation in a criminal organization. The two ringleaders, already serving sentences in Germany for related offenses, may receive additional terms of up to ten years. Beyond their personal liability, the case highlights persistent vulnerabilities in the EU’s cross-border tax and AML frameworks.

Carousel fraud is estimated to cost the EU more than €50 billion annually. While the Union has introduced mechanisms such as the VAT Information Exchange System (VIES) and the Transaction Network Analysis (TNA) tool, Goliath exposed how these systems remain dependent on timely and accurate input from national tax offices. Fraudsters exploit the lag between invoice issuance and reporting, moving money through alternative systems before red flags appear.

The use of Hawala networks adds another layer of complexity. Unlike formal financial institutions, hawaladars are not subject to the same reporting obligations under the EU’s AML directives. This means that even if suspicious patterns are identified at the banking level, parallel informal transactions remain invisible. Law enforcement agencies increasingly call for integrating Hawala mapping into national risk assessments, particularly in countries where diaspora remittances form a significant share of cross-border transfers.

The introduction of cryptocurrency further complicates enforcement. Although virtual asset service providers are now subject to registration and AML compliance requirements under the EU’s MiCA regulation, enforcement remains uneven. Many crypto exchanges operating from outside the EU continue to offer services to European clients with limited oversight. Criminal groups exploit these gaps by converting funds into crypto, transferring them to non-EU wallets, and then repatriating them through apparently legitimate contracts.

The Goliath investigation underscores the importance of supranational cooperation. The European Public Prosecutor’s Office, established to protect the EU’s financial interests, coordinated efforts across Germany, Denmark, France, and Turkey. Its mandate allowed for direct prosecution of crimes affecting EU funds, bridging the jurisdictional divide that had long hindered similar cases. Without this centralized approach, the fragmented evidence across multiple countries might never have been consolidated into a single indictment.

For compliance professionals, the case offers a stark reminder of the interconnectedness between tax fraud and money laundering. Many financial institutions focus primarily on predicate offenses like drug trafficking or corruption, underestimating the laundering potential of tax crimes. Yet, VAT carousel fraud generates large volumes of clean-looking funds that re-enter the financial system through legitimate channels. Banks and payment providers must refine their transaction monitoring rules to detect cyclical trade patterns and mismatched VAT refund flows.

As Europe moves toward implementing the new Anti-Money Laundering Authority (AMLA) in Frankfurt, cases like Goliath will test the agency’s capacity to harmonize supervision. The authority will need to ensure that both regulated and unregulated value transfer systems fall within its scope, particularly as criminals increasingly blend traditional fraud with digital finance tools.

Enhanced beneficial ownership transparency, mandatory cross-border data analytics, and coordinated sanctioning powers could close the loopholes that enable such operations. However, these reforms will only be effective if Member States ensure consistent enforcement at the national level.

The Goliath network’s downfall was a triumph of coordination, but it also signaled how much remains to be done. As tax and AML systems continue to operate in silos, organized crime groups will keep exploiting the seams between fiscal policy, banking supervision, and technological innovation.

Source: EPPO

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.