The Federal Bureau of Investigation (FBI) is investigating whether NetNut, a subsidiary of Alarum Technologies, helped link home internet devices into a residential proxy network without owner consent. The Department of Justice (DOJ) seized multiple domains as part of the probe. Cybersecurity researchers have identified overlaps between NetNut and Popa software, which can allegedly co-opt devices without the owner’s knowledge.
The probe: Zombie devices and proxy networks
For you to understand better, residential proxy networks route internet traffic through everyday devices (could be laptops, smartphones, routers, and TV streaming boxes), making it appear as though traffic comes from a different location.
Now, the thing is that while legitimate businesses use these networks to test products or scrape websites, hackers can also use them as “stolen passports” to disguise malicious traffic.
Comcast has said that behind the “veneer” of legitimate uses “lies a murky, deeply entrenched supply chain connected with cybercrime.” Craig Labovitz of Nokia Deepfield compared residential proxies to “thousands of anonymous strangers sneaking into your home to get unlimited internet access.” And the FBI has described them as “a standard tool criminals use to look like ordinary users online” while carrying out bank fraud and other attacks.
NetNut, Popa, and the evidence
The investigation centers on Popa software, which can allegedly commandeer devices for proxy networks without owner consent. Cybersecurity firm Synthient reported that NetNut and Popa “share operational infrastructure and telemetry,” while Qurium identified “multiple technical and historical overlaps” between the technologies that are “unlikely to be coincidental.”
NetNut (acquired by Alarum in 2019) sells access to tens of millions of proxy addresses. The FBI’s Houston office has been investigating since late last year, with the probe showcased at a multi-agency “ResProxy Sprint” meeting in Colorado. Alarum said it “will fully cooperate with law enforcement” but has previously called the reports “demonstrably inaccurate.”
The big picture: AI is pumping up the proxy market
The FBI investigation comes as the residential proxy market has exploded from a niche industry into a multi-billion-dollar business, and artificial intelligence (AI)-related companies are now a major driver.
Analysts estimate the market generates anywhere from $100 million to $3 billion in annual sales, with growth accelerated by AI developers‘ “voracious appetite for data scraped from websites.” On top of this, Nokia Deepfield’s Craig Labovitz noted: “We’ve gone from a market in the tens of millions of dollars to the billions. This largely seems to be due to AI companies.”
And this gets pretty messy for Web3 and crypto projects too, since a lot of them use these proxy networks for things like privacy-focused trades, node operations, and keeping their decentralized infrastructure running.
But if the supply chain for these services involves compromised or hacked devices, the entire sector faces reputational and regulatory risk, and turns into something even more darkly serious. At least the FBI investigation shows here that law enforcement is taking a hard look at the infrastructure underpinning location-masking services. And that’s something.
And there’s another thing: projects that rely on proxy networks [from privacy coins to Decentralized Physical Infrastructure Networks (DePIN) protocols] may need to audit their infrastructure partners to avoid being associated with illegal data harvesting. Some do, some don’t.
Alarum reported $11.7 million in Q1 2026 revenue, a 64 percent jump year-over-year (YoY), “driven mainly by strong demand for the company’s proxy solutions.” But what matters here is whether that demand is sustainable if the supply chain is built on compromised/”zombie” devices, which is definitely a weird look.



