25.06.2026
18:50

A network of SIM swappers has been dismantled: arrests in Poland with FBI involvement

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation to detain four members of an organized criminal group. The group specialized in stealing cryptocurrencies through SIM swap attacks.

The investigation, overseen by the Regional Prosecutor's Office in Krakow, established that the group followed a well-established scheme. In the first stage, the criminals gained access to the IT systems of companies collaborating with telecom operators. Notably, they obtained this initial access not through technical hacking, but through social engineering and with the help of specialized malware that opened access to employees' work emails.

Attack Mechanics: From Social Engineering to Asset Seizure

Having obtained the necessary data, the criminals launched SIM swap attacks. They cloned or intercepted victims' phone numbers, gaining full control over SMS messages and emails. This allowed them to reset passwords and bypass two-factor authentication, taking over accounts on cryptocurrency exchanges. After that, digital assets were instantly withdrawn to controlled wallets.

The scheme relies on a long-known vulnerability: despite repeated warnings, many services still allow account recovery via phone number. According to FBI estimates, SIM swap attacks in the U.S. caused losses of more than $68 million from bank and crypto accounts in 2021 alone.

Laundering Through a Vast Network

Stolen funds were quickly distributed through a vast financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets. The investigation estimates the scale of money laundering at tens of millions of zlotys. The suspects viewed this scheme as a permanent source of income.

It is important to note that this is not an isolated case. In the U.S., indictments have already been issued for similar schemes involving hacking cryptocurrency exchanges. One of the largest such operations led to the theft of approximately $400 million from the bankrupt FTX exchange in 2022.

The CBZC, established only in 2022, has not yet disclosed the names of the detainees or published their photos, citing the ongoing investigation. An unconfirmed claim has appeared on social media linking one of the accused to the well-known pseudonym Merry, but the police are not commenting on this information. The case remains open, and experts do not rule out further arrests.

Cryptalist Analysis: This operation vividly illustrates that international law enforcement cooperation is becoming a key tool in the fight against crypto crime. For investors, it is another reminder of the critical importance of hardware wallets and of abandoning SMS authentication in favor of more reliable methods, such as TOTP or physical security keys. The market is becoming cleaner, but security still begins with personal responsibility.