Crypto news

25.06.2026
20:51

Polish special services and the FBI have dismantled an international SIM-swapping network: millions stolen.

Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The perpetrators specialized in stealing cryptocurrency through SIM-swapping attacks—a method that has long remained one of the most dangerous threats to digital asset holders.

How the Scheme Worked: From Social Engineering to Full Account Control

The criminals' methodology was honed to perfection. They gained initial access to telecommunications companies' infrastructure not through technical hacking, but through social engineering—psychological manipulations aimed at obtaining employees' confidential data. Additionally, specialized malware was used to gain access to staff work correspondence.

Having obtained the necessary privileges, the group launched SIM-swap attacks: cloning or intercepting victims' phone numbers. By seizing control of SMS and email, the criminals reset passwords, bypassed two-factor authentication, and gained full access to accounts on cryptocurrency exchanges. Digital assets were then instantly withdrawn.

This scheme exploits a fundamental vulnerability: despite regular warnings, many services still allow account recovery via phone number, making users hostages to telecom operators' security.

Millions in Losses and an International Trail

According to the investigation, the damage from the group's activities amounts to tens of millions of zlotys, equivalent to several million dollars. Stolen funds were quickly distributed through an extensive financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The prosecutor's office emphasizes that the criminals viewed this scheme as a permanent source of income.

Notably, the scale of the SIM-swapping problem has long exceeded national borders. In the U.S. alone, according to the FBI, losses from such attacks exceeded $68 million in 2021. One of the largest operations of this kind led to the theft of approximately $400 million from the bankrupt FTX exchange in 2022.

The investigation is overseen by the Regional Prosecutor's Office in Krakow. The fact that the FBI and HSI have joined the case clearly indicates the international nature of the crime: victims or infrastructure are located outside Poland. This is further confirmation that modern crypto crime requires close cooperation between law enforcement agencies from different countries.

The CBZC, established in 2022, has not yet disclosed the names of the detainees or their photos, citing the ongoing investigation. Unconfirmed information has appeared on social media that one of the accused may be linked to the known pseudonym Merry, but the police do not comment on this version. The case remains open, and further arrests are not ruled out.

Expert Commentary: This operation is a clear signal for the entire crypto community. SIM-swapping remains one of the most effective and yet low-tech tools in the arsenal of attackers. Users need to radically rethink their security model: abandoning SMS authentication in favor of hardware keys or authenticator apps is no longer a recommendation but a strict necessity. The market must adapt, otherwise we will see such arrests again and again.