Dismantling of an International SIM-Swap Network: Poland and the FBI Strike Against Crypto Criminals
The Central Bureau for Combating Cybercrime of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four alleged members of an organized criminal group. The perpetrators specialized in stealing cryptocurrency through SIM-swap attacks, in which attackers take control of victims' phone numbers.
According to the investigation, the detainees are charged with creating a criminal organization, unauthorized access to computer systems, and money laundering. The court ordered pretrial detention for all four. If convicted, they face up to 25 years in prison.
How the scheme worked: from social engineering to seizing exchange accounts
The criminal group operated methodically. They gained initial access to the IT systems of companies working with telecom operators not through hacking, but through social engineering methods—manipulating employees and using specialized software to intercept work correspondence. After obtaining the necessary access, the criminals launched SIM-swap attacks: cloning or intercepting victims' phone numbers.
Control over SMS and email opened access to cryptocurrency exchanges. The perpetrators reset passwords, bypassed two-factor authentication, and seized accounts. Digital assets were then transferred to controlled wallets.
This scheme exploits a fundamental vulnerability: despite numerous warnings about the risks, many services still allow account recovery via phone number. According to FBI estimates, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021.
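On the exchange side, the chain described above (a credential reset over SMS followed by a transfer to a wallet the account has never used) can be caught by correlating account events. The sketch below is an added example, not part of the original article or any exchange's code; the event names, field layout and 24-hour window are assumptions, and the log events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (account, ISO timestamp, event type, detail).
# Event names and fields are assumptions, not a real exchange's schema.
EVENTS = [
    ("alice", "2024-03-01T10:00:00", "password_reset", "sms"),
    ("alice", "2024-03-01T10:04:00", "2fa_reset", "sms"),
    ("alice", "2024-03-01T10:09:00", "withdrawal", "new_address"),
    ("bob",   "2024-03-01T09:00:00", "password_reset", "email"),
    ("bob",   "2024-03-05T12:00:00", "withdrawal", "new_address"),
    ("carol", "2024-03-02T08:00:00", "password_reset", "sms"),
    ("carol", "2024-03-02T08:30:00", "withdrawal", "known_address"),
    ("dave",  "2024-03-03T23:50:00", "password_reset", "sms"),
    ("dave",  "2024-03-04T00:10:00", "withdrawal", "new_address"),
]

WINDOW = timedelta(hours=24)  # assumed cooling-off period after phone-based recovery


def flag_takeovers(events, window=WINDOW):
    """Return (account, withdrawal time, minutes since reset) for each
    withdrawal to a new address that follows an SMS-based credential
    reset on the same account within `window`."""
    last_sms_reset = {}  # account -> time of the most recent SMS-based reset
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for account, ts, kind, detail in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if kind in ("password_reset", "2fa_reset") and detail == "sms":
            last_sms_reset[account] = when
        elif kind == "withdrawal" and detail == "new_address":
            reset_at = last_sms_reset.get(account)
            if reset_at is not None and when - reset_at <= window:
                minutes = int((when - reset_at).total_seconds() // 60)
                alerts.append((account, ts, minutes))
    return alerts


if __name__ == "__main__":
    for alert in flag_takeovers(EVENTS):
        print(alert)
```

The same condition can gate the withdrawal itself, holding it for manual review instead of only raising an alert.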
International trail and laundering millions
The stolen funds were quickly distributed across a sprawling financial network. As the prosecutor's office notes, the criminals viewed their activities as a permanent source of income. They used personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets.
The scale of money laundering is estimated at tens of millions of zlotys—several million dollars. This is comparable to other European cryptocurrency laundering networks dismantled in the past year. The investigation is overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland.
It is worth noting that this is not an isolated case. Similar cases are being investigated in the U.S., and one of the largest operations of this kind was the theft of approximately $400 million from the bankrupt FTX exchange in 2022.
Expert opinion: This operation is yet another confirmation that the crypto industry urgently needs to abandon SMS authentication in favor of hardware keys or biometric methods. As long as exchanges and services rely on outdated verification methods, we will continue to see new waves of SIM-swap attacks, and this is already a systemic problem, not just a series of isolated incidents.