Polish special services and the FBI neutralized a group that was stealing cryptocurrencies through SIM swapping.
The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four alleged members of an organized criminal group. The perpetrators specialized in stealing digital assets using the SIM-swap method — replacing SIM cards to gain control over victims' accounts.
The detainees are charged with creating a criminal organization, unauthorized access to computer systems, theft of property, and money laundering. All four have been remanded in custody pending trial, each facing up to 25 years in prison.
Mechanics of the Criminal Scheme: From Social Engineering to Exchange Account Takeover
As established during the investigation, the attackers initially gained access to the IT systems of companies that collaborate with telecommunications operators. The initial breach was not achieved through technical hacking but through social engineering methods — psychological manipulation to obtain confidential information. Specialized software was also used to gain access to employees' corporate email.
Having obtained the necessary data, the group launched SIM-swap attacks — cloning or intercepting victims' phone numbers. By gaining control over SMS and email, the criminals reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. After that, the assets were withdrawn. This scheme exploits a fundamental vulnerability: despite regular security issues at telecom companies, many services still allow account recovery via phone number.
According to the FBI, losses from SIM-swap attacks in the United States alone exceeded $68 million in 2021 — from bank and cryptocurrency accounts.
Money Laundering and the International Dimension of the Investigation
The stolen funds were quickly distributed through a sprawling financial network. The prosecutor's office clarified that the suspects viewed this scheme as a permanent source of income. Personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets were used. The scale of money laundering is estimated by investigators at tens of millions of zlotys — several million dollars. This is comparable to other European cryptocurrency money laundering networks dismantled over the past year.
Similar cases are also being investigated in the United States. Federal indictments describe similar schemes for hacking crypto exchanges. One of the largest such operations was the theft of approximately $400 million from the bankrupt FTX exchange in 2022.
The investigation is being overseen by the Regional Prosecutor's Office in Krakow. The FBI and HSI have joined the case, indicating that victims or infrastructure are located outside Poland. International crimes in the crypto industry increasingly require joint efforts by agencies from different countries. Similar cooperation has already occurred in the FBI's arrests of organizers of other SIM-swap schemes.
The CBZC, established in 2022, has not yet disclosed the names of the suspects or published their photos, explaining that the investigation is ongoing. However, the agency has published a video of the arrest operation on its official channels. An unconfirmed claim has appeared on social media that one of the accused is linked to the well-known pseudonym Merry. The police do not confirm this information. The case remains open, and further arrests may follow.
Analyst Comment: This operation is a stark reminder that security based on SMS and phone numbers is an anachronism in the world of digital assets. Users are strongly advised to switch to hardware security keys (e.g., YubiKey) or authenticator apps for 2FA, and exchanges should implement stricter account recovery procedures. Until the industry solves this fundamental problem, SIM-swap will remain one of the most effective tools in the arsenal of cybercriminals.
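The takeover chain described under "Mechanics of the Criminal Scheme" (a phone-based reset followed by a withdrawal) is something an exchange can check for when applying the stricter recovery procedures the comment calls for. The following is an added example, not code from the article or from any exchange: it places a hold on withdrawals that follow an SMS or voice-based reset, and the event format, account names and 48-hour hold period are assumptions.

```python
from datetime import datetime, timedelta

# Assumed policy value: hold withdrawals for 48 hours after a phone-based recovery.
HOLD = timedelta(hours=48)
# Recovery channels that fall under an attacker's control after a SIM swap.
PHONE_CHANNELS = {"sms", "voice"}

# Constructed sample events (not real data): (timestamp, account, event, channel)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "acct-A", "password_reset", "sms"),
    ("2024-03-01T09:04:00", "acct-A", "2fa_reset", "sms"),
    ("2024-03-01T09:10:00", "acct-A", "withdrawal", "-"),
    ("2024-03-01T10:00:00", "acct-B", "password_reset", "hardware_key"),
    ("2024-03-01T10:05:00", "acct-B", "withdrawal", "-"),
    ("2024-03-02T08:00:00", "acct-C", "password_reset", "sms"),
    ("2024-03-05T08:00:00", "acct-C", "withdrawal", "-"),
]

def review_withdrawals(events, hold=HOLD):
    """Return one (account, timestamp, decision, reason) tuple per withdrawal."""
    last_phone_recovery = {}  # account -> time of the latest SMS/voice-based reset
    decisions = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts, account, event, channel in sorted(events):
        when = datetime.fromisoformat(ts)
        if event in ("password_reset", "2fa_reset") and channel in PHONE_CHANNELS:
            last_phone_recovery[account] = when
        elif event == "withdrawal":
            recovered = last_phone_recovery.get(account)
            if recovered is not None and when - recovered < hold:
                reason = f"phone-based recovery {when - recovered} earlier"
                decisions.append((account, ts, "hold", reason))
            else:
                decisions.append((account, ts, "allow",
                                  "no recent phone-based recovery"))
    return decisions

if __name__ == "__main__":
    for decision in review_withdrawals(SAMPLE_EVENTS):
        print(decision)
```

A reset completed with a hardware key does not start the hold, since a SIM swap gives no control over that factor.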