Law enforcement authorities have successfully dismantled Kidflix, a notorious streaming platform that hosted child sexual abuse material (CSAM), in one of the largest coordinated operations to date.
According to Europol, the platform had a total of 1.8 million users worldwide between April 2022 and March 2025. The server, which contained approximately 72,000 videos at the time, was seized by German and Dutch authorities on March 11, 2025. This operation, codenamed Operation Stream, is described by the European law enforcement agency as the largest undertaken to combat child sexual exploitation.
The multi-year investigation, which began in 2022 and involved 38 countries worldwide, identified 1,393 individuals globally through an analysis of payment transactions. So far, 79 of them have been arrested for distributing CSAM, with some also accused of uploading and watching such content, as well as abusing children.
In addition to the arrests, more than 3,000 electronic devices have been seized, and the investigation is ongoing. Kidflix, which launched in 2021, had amassed a catalog of 91,000 unique videos over time, with roughly 3.5 new videos uploaded every hour on average.
The platform, with about 190,000 registered users since April 2022, allowed users to download and stream content after making payments using cryptocurrencies, which were then converted into tokens. Users could earn tokens by uploading CSAM, verifying video titles and descriptions, and assigning categories to videos, which could then be used to view content.
Each video was uploaded in multiple versions – low, medium, and high quality – enabling criminals to preview the content and pay a fee to unlock higher quality versions. However, the identified offenders represent only a fraction of the 1.8 million users suspected to have logged on to the platform between April 2022 and March 2025.
According to Dutch police officials, 13 suspects have been identified in the Netherlands, although no arrests have been made so far. The operation involved participating countries including Albania, Australia, Austria, Belgium, Bulgaria, Canada, Colombia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Georgia, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Spain, Sweden, Switzerland, the United Kingdom, and the United States.
“The rapid evolution of online child sexual exploitation, driven by the digital dimension, has provided offenders with a borderless platform to contact and groom victims, as well as create, store, and exchange child sexual abuse material,” said Catherine De Bolle, Europol Executive Director.
“This is not merely a technical or cyber issue – there are real victims behind these crimes, and those victims are children.”
This development comes as the European Commission unveiled a new internal security strategy called ProtectEU to better detect cyber threats, fight serious and organized crimes, and share intelligence across the region. As part of the initiative, the Commission is expected to present a Technology Roadmap on encryption to identify and assess technological solutions to enable lawful access to data by law enforcement authorities in 2026.
The goal is to identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner, safeguarding both cybersecurity and fundamental rights.
