Crypto news

25.06.2026
18:35

Polish special services, with the support of the FBI, have dismantled an international SIM-swapping group.

Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation to detain four members of an organized criminal group specializing in cryptocurrency theft through SIM swapping. The detainees are charged with creating a criminal organization, unauthorized access to computer systems, and money laundering. All four are currently in custody and face up to 25 years in prison.

How the scheme worked: from social engineering to crypto wallet takeover

The investigation established that the perpetrators operated using a multi-stage scheme. They gained initial access to the IT systems of companies cooperating with telecommunications operators not through technical hacking, but through social engineering and psychological pressure. Specialized malware allowed them to intercept employees' work correspondence.

Having obtained the necessary data, the group launched SIM swap attacks: they cloned or intercepted victims' phone numbers. Gaining control over SMS and email, the criminals reset passwords, bypassed two-factor authentication, and took control of accounts on cryptocurrency exchanges. Digital assets were then instantly withdrawn. This scheme once again demonstrates the critical vulnerability of many services that still rely on phone number-based account recovery.

According to FBI estimates, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021. However, the scale of this operation appears to be significantly larger.

Money laundering through "crypto mixers" and an international investigation

The stolen funds quickly dispersed through an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the volume of laundered funds at tens of millions of zlotys, comparable to other major European cases involving the dismantling of crypto money laundering networks over the past year.

Notably, the investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. International crimes in the crypto industry increasingly require joint efforts from agencies in different countries.

The CBZC, established in 2022, has not yet disclosed the names or photographs of the detainees, citing the ongoing investigation. An unconfirmed version has appeared on social media suggesting that one of the accused is linked to the well-known pseudonym Merry, but official sources do not comment on this information. The case remains open, and further arrests are possible.

Cryptalist Analysis: This case is not just another arrest report. It is a wake-up call for the entire industry. As long as exchanges and services rely on outdated authentication methods like SMS, we will continue to see such attacks. Investors should be strongly advised to switch to hardware wallets and use authenticator apps instead of linking accounts to phone numbers. Security begins with awareness of the risks.