Polish law enforcement officers, with the support of the FBI, have shut down a group that was stealing cryptocurrencies through SIM swapping.
Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), has conducted a large-scale operation resulting in the detention of four individuals. They are suspected of organizing the systematic theft of digital assets using SIM swapping attacks.
How the scheme worked
The group operated according to a well-established protocol. The attackers gained initial access to telecom operators' infrastructure not through technical hacking, but via social engineering methods and psychological manipulation of company employees. Using specialized software to intercept work correspondence, they obtained credentials. Then a SIM swapping attack was launched: the victim's number was cloned or reissued to a new SIM card controlled by the fraudsters.
Having gained access to SMS and email, the criminals reset passwords, bypassed two-factor authentication (2FA), and took over accounts on cryptocurrency exchanges. After that, funds were withdrawn to controlled wallets. The scheme, although known, continues to work due to the weak security of telecom protocols and the habit of many services to restore access via phone number.
Money laundering and international trail
The stolen assets were quickly dispersed through an extensive financial network. Personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets were used. According to the investigation, the scale of money laundering amounts to tens of millions of zlotys (millions of dollars). This is comparable to other European crypto schemes dismantled over the past year.
Interestingly, the investigation is supervised by the Regional Prosecutor's Office in Krakow, but the involvement of the FBI and HSI indicates that the victims or infrastructure are located outside Poland. This is further confirmation of the globalization of crypto crime, requiring coordinated actions by law enforcement agencies from different countries.
The detainees face up to 25 years in prison on charges of creating a criminal organization, unlawful access to computer systems, and money laundering. The CBZC has not yet disclosed the identities of the suspects, citing the ongoing investigation. The pseudonym Merry appears in unofficial channels, but there is no official confirmation of this.
My comment as an analyst: This case is another wake-up call for the entire industry. While exchanges and DeFi protocols implement complex security systems, the weak link remains telecom operators and users who use SMS for 2FA. Switching to hardware keys (YubiKey) or authenticator apps (Google Authenticator) is no longer a recommendation, but a strict necessity for anyone holding significant amounts in cryptocurrency.