Crypto news

25.06.2026
20:37

SIM Swap Operation: Poland and the FBI dismantle an international cryptocurrency theft ring

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation to detain four members of a criminal group specializing in stealing digital assets through SIM swap attacks. The detainees are charged with creating an organized criminal group, unauthorized access to computer systems, property theft, and money laundering. All four face up to 25 years in prison.

Attack Mechanics: Social Engineering and Telecom Vulnerabilities

The investigation established that the attackers did not use complex technical hacks. Their main tools were social engineering and specialized software to access the corporate email of employees at companies affiliated with telecom operators. After gaining control of the correspondence, the criminals launched SIM swap attacks: they cloned or intercepted victims' phone numbers. By taking control of SMS and email, they reset passwords, bypassed two-factor authentication, and gained full access to accounts on cryptocurrency exchanges.

It is important to emphasize that this scheme exploits a fundamental vulnerability: many services still allow account recovery via phone number, despite numerous warnings about the risks. According to the FBI, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021, and this figure is steadily rising.

Financial Network and International Trail

The stolen funds were quickly distributed through a sprawling financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The Krakow Prosecutor's Office estimates the scale of money laundering at tens of millions of zlotys, equivalent to several million dollars. This is comparable to other major European crypto money laundering networks dismantled in the past year.

Notably, the case is overseen by the Regional Prosecutor's Office in Krakow, with the FBI and HSI joining the investigation. This clearly indicates that victims or infrastructure are located outside Poland. The international nature of crimes in the crypto industry requires increasingly close cooperation between law enforcement agencies from different countries. Such collaboration has already been observed in the arrests of organizers of other SIM swap schemes.

The CBZC, established in 2022, has not yet disclosed the names of the suspects or published their photos, citing an ongoing investigation. Unconfirmed information has appeared on social media linking one of the accused to the well-known pseudonym Merry, but the police have not commented on this data. It is clear that the case remains open, and further arrests may follow.

Cryptalist Analysis: SIM swap attacks remain one of the most underestimated yet effective hacking methods in the crypto sphere. This case once again proves that security at the telecom provider level is a critically important link. I strongly recommend investors disable phone number linking to exchanges and use hardware keys or authenticator apps for 2FA. Criminals do not hack the blockchain—they hack people and vulnerabilities in their infrastructure.