Case Goliath: A Closer Look at a €188 Million VAT Carousel Fraud and Laundering Scheme

In October 2025, the European Public Prosecutor’s Office (EPPO) in Hamburg filed indictments against five individuals in connection with a major VAT fraud and laundering operation known as Investigation Goliath. The financial impact has been estimated at more than €188 million in losses to both EU and national budgets between 2019 and 2023.

The case involves three Danish nationals and two Turkish citizens residing in Germany. The defendants are accused of operating a criminal organisation that orchestrated large-scale VAT fraud through intra-EU trade in electronics, followed by structured efforts to move and disguise the proceeds.

Two of the suspects are also facing charges related to money laundering through Hawala networks and cryptocurrency transactions, as well as allegations of inciting others to commit unlawful activity. Both are currently serving prison sentences in Germany for earlier offences linked to this same network.

How the Fraud Was Built: From the “Swedish Attack” to Goliath

The investigation revealed that the two lead defendants had experience in VAT fraud schemes, including their prior involvement in a fraud network that operated in Sweden between 2017 and 2021.

In 2019, they splintered off from that network and established their own organisation with a clear objective: scale up and maximise VAT fraud revenues across the EU.

They created a chain of shell companies in France, Germany, Hungary and Sweden, all designed to simulate legitimate cross-border trade in electronics — specifically high-value goods like Apple AirPods, which are easy to transport and resell. These entities appeared to be independent trading firms but were in fact part of a carousel VAT fraud mechanism. The actual coordination of trade and communication took place from an office in Istanbul, managed by one of the primary suspects.

How the VAT Carousel Fraud Was Carried Out

The mechanism relied on well-known features of EU VAT rules. Goods sold between companies in different EU member states are generally exempt from VAT. Fraudsters exploited this by setting up a chain of transactions that cycled goods across multiple jurisdictions.

Here’s how it worked, step by step:

1. Goods were ‘sold’ from one shell company in one EU country to another shell in a different EU country - tax-exempt under EU law.

2. Once in the destination country, the receiving company sold the goods domestically and charged VAT.

3. The seller then vanished without paying the VAT owed to tax authorities - earning the label “missing trader”.

4. Meanwhile, another company further down the chain - often within the same network - claimed a VAT refund for input tax, despite the VAT never being paid in the first place.

This sequence was repeated across multiple companies, giving the appearance of legitimate trading while generating significant tax losses.

The operations and transactions looked credible because of:

• The use of front businesses, such as a pub in Denmark, to simulate physical delivery routes.

• Engagement of straw directors and shareholders from Poland and Lithuania.

• Use of forged identity documents to support account openings.

• Assistance from a notary to facilitate the creation of legal entities and authorisations.

Movement and Concealment of Proceeds

Once profits were generated through the VAT scheme, the next step involved moving and disguising the funds. This was achieved through several parallel methods.

Hawala-Based Transfers

The suspects are believed to have operated within an established Hawala network, where money was moved across borders without using formal financial institutions. Companies under their control were used to settle invoices with businesses in Turkey, the Middle East, and North Africa. In Germany, a Hawala network in North-Rhine Westphalia was used to transfer funds from Turkey.

This system allowed the group to avoid detection by financial institutions and bypass AML controls typically associated with bank transfers.

Cryptocurrency Transactions

Investigators found that the group created a blockchain company for the purpose of acquiring cryptocurrency with illicit funds. The purchase of crypto assets provided an added layer of anonymity and complexity to the laundering process, especially when funds were routed through exchanges or platforms with limited transparency.

Use of Consulting Firms

The network also included consulting firms that issued invoices for fictitious services. These companies, including one based in Istanbul, were used to justify the transfer of large sums of money, enabling the suspects to reintegrate illicit proceeds into the financial system under the guise of business expenses.

Indicators for AML and Compliance Professionals

This case highlights several important features relevant to those working in financial crime prevention and due diligence. While the scheme involved familiar mechanisms, the structure and planning behind it point to several areas of vulnerability that merit closer attention.

Trading Patterns and Economic Rationale

• High-value cross-border transactions involving electronic goods, especially when paired with inconsistent documentation or unclear shipping routes.

• Trading volumes that do not correspond with company size, operating history, or sector expertise.

Complex Company Structures

• The presence of complex ownership layers across jurisdictions with limited transparency.

• Use of newly registered companies where directors have little or no previous industry experience.

• Concentration of administrative tasks in a single location that is disconnected from the stated country of operation.

Suspicious Identity Verification and Documentation

• Applications supported by forged or questionable documentation.

• Repetition of certain notaries, agents, or service providers across unrelated accounts or applications.

• Multiple companies with directors sharing addresses, phone numbers, or identity credentials.

Payment and Fund Transfer Behaviour

• Transfers conducted through non-bank channels such as MSBs (money service businesses), informal brokers, or Hawala agents.

• Acquisition of digital assets such as cryptocurrency through newly formed blockchain firms without a clear commercial purpose.

• Regular outgoing payments to consulting or service providers located in high-risk jurisdictions without sufficient explanation or service details.

Business Purpose and Justification

• Invoices that are vague, lack itemisation, or are inconsistent with the company’s core activities.

• Sudden increases in payment activity following periods of inactivity or low transaction volume.

• Repeated use of similar justification language across separate entities.

Key Observations

This case demonstrates how VAT fraud, when combined with strategic laundering techniques, can create significant exposure for financial institutions and businesses facilitating onboarding, payments, or account services. The organisation behind Goliath was not operating at the margins - it developed an infrastructure that closely mirrored legitimate operations, often using systems that would appear credible at first glance.

The regulatory risks associated with this type of fraud extend beyond tax enforcement. These activities often intersect with broader financial crime networks, including those involved in document fraud, identity theft, and illegal fund transfers.

What Professionals Can Do

Eliminating money laundering risk entirely isn’t realistic - the aim is to manage it effectively. That starts with focusing on areas where controls can have the greatest impact. The following measures can help compliance teams strengthen their defences and improve their ability to detect and respond to suspicious activity:

• Strengthen onboarding processes with additional validation steps for beneficial ownership, director backgrounds, and economic activity.

• Monitor trade-related businesses for inconsistencies in transactional patterns, especially those involving high-value goods and multiple jurisdictions.

• Use data analytics and network analysis tools to identify connections between seemingly unrelated entities, particularly those sharing directors, addresses, or service providers.

• Train teams to recognise behavioural indicators of laundering techniques — such as the sudden use of alternative payment methods, new crypto involvement, or unusual consulting arrangements.

Conclusion

Case Goliath shows the level of preparation and execution that modern financial crime can involve. It reinforces the importance of active monitoring, in-depth due diligence, and a questioning mindset at all stages of a customer or transaction lifecycle.

While documentation and processes can be made to look compliant, the underlying behaviour often reveals more. Recognising that and asking early questions can prevent financial institutions from becoming unwitting facilitators of serious fraud.