Crypto news

25.06.2026
20:07

A SIM-swap fraud network has been dismantled: a joint operation between Poland and the FBI.

Poland's Central Cybercrime Bureau (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The perpetrators specialized in stealing cryptocurrencies through SIM swap attacks — a method that remains one of the most dangerous threats to digital asset holders.

Attack Mechanism and the Role of Social Engineering

The investigation established that the criminals did not use sophisticated technical hacks at the initial stage. They gained primary access to the IT systems of companies cooperating with telecommunications operators through social engineering methods — psychological manipulation to obtain confidential data. Specialized software allowed them to intercept employees' work correspondence.

Once access was obtained, the group launched SIM swap attacks: cloning or intercepting victims' phone numbers. Control over SMS and email enabled them to reset passwords, bypass two-factor authentication, and take over accounts on cryptocurrency exchanges. The stolen assets were quickly funneled through an extensive financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets.

Scale and International Cooperation

The damage caused by the group's activities is estimated at tens of millions of zlotys — several million dollars. This is comparable to other European cryptocurrency laundering networks dismantled over the past year. Notably, the investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that the infrastructure or victims are located outside Poland.

According to the FBI, losses from SIM swap attacks in the United States alone exceeded $68 million in 2021 — from bank and crypto accounts. One of the largest such operations led to the theft of approximately $400 million from the bankrupt FTX exchange in 2022.

Ongoing Investigation

The CBZC, established in 2022, has not yet disclosed the names of the suspects or published their photos, explaining that the investigation is ongoing. Unconfirmed reports on social media suggest a connection between one of the accused and the well-known pseudonym Merry, but the police have not commented on this information. The agency emphasizes that the case remains open and that further arrests may follow.

Expert Commentary: This operation is a vivid example of how international law enforcement cooperation is becoming a key factor in combating crypto crime. However, until telecommunications companies strengthen their defenses against SIM swap attacks, this vulnerability will remain a favorite tool for criminals. Cryptocurrency owners are strongly advised to use hardware wallets and authenticator apps instead of SMS verification.