25.06.2026
18:20

Poland and the FBI: Hacker group that stole cryptocurrencies via SIM-swap has been dismantled

The Central Cybercrime Bureau of Poland (CBZC), with support from the FBI and U.S. Homeland Security Investigations (HSI), has detained four members of an organized group specializing in cryptocurrency theft through SIM swap attacks. The detainees face up to 25 years in prison on charges of forming a criminal organization, hacking computer systems, and money laundering.

This operation is a vivid example of how cybercrime in the crypto industry is becoming increasingly transnational. The attackers operated using a well-established, yet no less dangerous, scheme that continues to threaten the security of digital asset users.

How the SIM Swap Scheme Worked

The investigation established that the criminals did not directly hack servers. Their initial access to the IT systems of telecom operators' partner companies was gained through social engineering methods and specialized software for intercepting employees' work emails. After gaining control of email accounts, they launched SIM swap attacks: cloning or intercepting victims' phone numbers.

Once the attackers gained control over SMS and email, they reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. After that, funds from these accounts were withdrawn. The scheme exploits a fundamental vulnerability: many services still allow account recovery via phone number, even though the security of telecom companies remains questionable.

According to FBI estimates, losses from SIM swap attacks in the U.S. alone exceeded $68 million from bank and crypto accounts in 2021.
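A defender-side view of the chain described above, as an added example that is not part of the original article: it correlates a phone-number (SIM) change, an SMS-based password reset, and a withdrawal on the same account within a short window. The event names, fields, 24-hour window, and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window after a number change

def ev(ts, account, kind, channel=None):
    """Build one event record (hypothetical schema for this example)."""
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "kind": kind, "channel": channel}

# Constructed sample events, deliberately out of order; not real data.
EVENTS = [
    ev("2026-06-01T09:12:00", "alice", "password_reset", "sms"),
    ev("2026-06-01T09:00:00", "alice", "sim_change"),
    ev("2026-06-01T09:20:00", "alice", "withdrawal"),
    ev("2026-06-01T10:00:00", "bob", "password_reset", "sms"),    # no SIM change
    ev("2026-06-01T10:05:00", "bob", "withdrawal"),
    ev("2026-05-01T08:00:00", "carol", "sim_change"),             # a month earlier
    ev("2026-06-01T11:00:00", "carol", "password_reset", "sms"),
    ev("2026-06-01T11:30:00", "carol", "withdrawal"),
    ev("2026-06-01T12:00:00", "dave", "sim_change"),
    ev("2026-06-01T12:10:00", "dave", "password_reset", "totp"),  # not SMS-based
    ev("2026-06-01T12:15:00", "dave", "withdrawal"),
]

def flag_sim_swap_takeovers(events, window=WINDOW):
    """Alert on SIM change -> SMS password reset -> withdrawal within `window`."""
    state = {}   # account -> time of last SIM change and of the SMS reset after it
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        s = state.setdefault(e["account"], {"sim": None, "reset": None})
        if e["kind"] == "sim_change":
            s["sim"], s["reset"] = e["ts"], None
        elif s["sim"] is None or e["ts"] - s["sim"] > window:
            continue  # no recent number change, nothing to correlate
        elif e["kind"] == "password_reset" and e["channel"] == "sms":
            s["reset"] = e["ts"]
        elif e["kind"] == "withdrawal" and s["reset"] is not None:
            alerts.append({"account": e["account"], "sim_change": s["sim"],
                           "reset": s["reset"], "withdrawal": e["ts"]})
    return alerts

if __name__ == "__main__":
    for a in flag_sim_swap_takeovers(EVENTS):
        print(f"HOLD withdrawal for {a['account']}: SIM change at "
              f"{a['sim_change']}, SMS reset at {a['reset']}")
```

In practice the alert would feed a withdrawal hold or step-up verification rather than only a log line.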

Money Laundering and International Investigation

The stolen funds were quickly dispersed across a branching financial network that used personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The scale of money laundering is estimated at tens of millions of zlotys, or several million dollars. This is comparable to other European crypto money laundering networks dismantled over the past year.

The Regional Prosecutor's Office in Krakow is coordinating the investigation, with the FBI and HSI joining in. This indicates that victims or infrastructure are located outside of Poland. Such international cooperation has already been demonstrated in the arrests of organizers of other SIM swap schemes.

The CBZC has not yet disclosed the names of the detainees or published their photos, citing the ongoing investigation. An unconfirmed claim has appeared on social media linking one of the accused to the well-known pseudonym Merry, but the police have not commented on it. The case remains open, and further arrests are possible.

Expert opinion: This operation is a serious signal for all market participants. SIM swapping remains one of the most effective and hard-to-trace methods of stealing cryptocurrencies. I strongly recommend users abandon SMS authentication in favor of hardware keys or authenticator apps. Exchanges and telecom operators need to tighten account recovery procedures. Without comprehensive security at all levels, we will see such high-profile cases again and again.