FBI Recovers Millions Diverted in Vermont Public Agency Scam
The FBI and U.S. Attorney’s Office have recovered $2.27 million stolen from a public recycling initiative through a fraudulent invoice scheme.
FBI and U.S. Attorney’s Office Recover Stolen Funds
The U.S. District Court for the District of Vermont issued a formal forfeiture judgment for $2,270,202.39 (approximately ₹19.5 crore) in misappropriated funds, which will be returned to the Chittenden Solid Waste District. The operation involved a coordinated effort between federal law enforcement and the U.S. Attorney’s Office to trace and reclaim assets linked to a cyber-enabled financial breach.
Cybercrime Group Exploits Municipal Procurement Systems
A cybercrime group exploited vulnerabilities in municipal procurement systems to redirect funds intended for infrastructure projects. The scheme began in late January 2026, when attackers impersonated a trusted construction partner of the waste management district. Using domain-spoofing techniques, they created email addresses and communication channels that mimicked the legitimate entity.
Deception Through Stolen Digital Signatures
The fraudsters embedded stolen digital signatures and photographs of finance executives to mimic official correspondence, deceiving the agency’s financial team into rerouting payments. Two Automated Clearing House transactions totaling over $3 million were authorized, with the funds directed to a Citibank account controlled by the attackers.
Discovery and Immediate Investigation
The deception remained undetected for weeks until the genuine contractor flagged discrepancies, revealing that the account was managed by an unrelated network. Law enforcement and banking officials initiated an immediate investigation, leveraging digital forensics to freeze the account before the full amount could be transferred.
Civil Forfeiture and Swift Recovery
Despite the attackers withdrawing $750,000 prior to the intervention, federal prosecutors secured a civil forfeiture order to reclaim the remaining $2.27 million. This action bypassed traditional judicial timelines, allowing for the swift return of funds via the U.S. Marshals Service.
A senior prosecutor highlighted the importance of rapid reporting in such cases, noting that the agency’s transparency in acknowledging the breach enabled law enforcement to act decisively.
Preventive Measures and Broader Implications
To prevent similar incidents, the waste management district has implemented a zero-trust procurement framework. All vendor payments now require multi-layered verification, including voice and video confirmations. The case underscores the growing need for advanced cybersecurity measures in public infrastructure projects, particularly in high-value procurement processes.
Impact on Public Services
The recovered funds will support the district’s operations, ensuring continuity in waste management services. The incident has prompted broader discussions about securing municipal financial systems against identity-based fraud and automated phishing attacks.
