Joint operation by Poland and the FBI: a group that stole cryptocurrencies through SIM swapping has been dismantled
Poland's Central Cybercrime Bureau (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the arrest of four members of an organized criminal group specializing in the theft of digital assets. All detainees have been charged with forming a criminal organization, unauthorized access to computer systems, and money laundering. They face up to 25 years in prison.
Attack Mechanics: From Social Engineering to Account Takeover
According to the investigation, the criminals operated using a proven SIM-swap scheme. Initial infiltration into the infrastructure of telecom operator partner companies was achieved not through technical hacking, but through social engineering methods — psychological manipulation to obtain confidential data. Using specialized software to access employees' work correspondence, the perpetrators obtained the necessary logins and passwords.
After gaining control of internal systems, the group launched SIM-swap attacks: they cloned or intercepted victims' phone numbers. With access to SMS and email, the criminals reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. Digital assets from these accounts were then immediately withdrawn. This scheme exploits a long-standing vulnerability: despite regular security issues at telecom companies, many services still allow account recovery via phone number. According to the FBI, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021.
Money Laundering and International Trail
The stolen funds were quickly distributed through a sprawling financial network. The prosecutor's office noted that the suspects viewed this scheme as a permanent source of income. They used personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets. The scale of money laundering is estimated at tens of millions of zlotys — several million dollars. This is comparable to other European cryptocurrency laundering networks dismantled over the past year.
The investigation is overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland as well. International crimes in the crypto industry increasingly require joint efforts from agencies across different countries. Similar cooperation was observed during the FBI's arrest of organizers of other SIM-swap schemes.
The CBZC, established in 2022, has not yet disclosed the names of the suspects or published their photos, citing the ongoing investigation. The agency emphasizes that the case remains open and further arrests may follow. An unconfirmed claim has emerged on social media linking one of the accused to the well-known pseudonym Merry, but the police have not commented on this information.
Expert Opinion: This operation is yet another confirmation that SIM-swap remains one of the most dangerous and profitable threats to cryptocurrency holders. Until the industry transitions to hardware security keys and biometrics, and telecom operators strengthen verification procedures, we will continue to see such incidents. Investors should be strongly advised to unlink phone numbers from exchange accounts and use more reliable 2FA methods.