Crypto news

25.06.2026
21:22

Polish cyberpolice and the FBI have dismantled a SIM-swapping network: millions in cryptocurrency stolen.

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Immigration and Customs Enforcement's Homeland Security Investigations (HSI), has conducted a large-scale operation to detain members of an organized group specializing in cryptocurrency theft. Four suspects have been taken into custody and now face up to 25 years in prison for forming a criminal enterprise, unauthorized access to computer systems, and money laundering.

How the Scheme Worked: Social Engineering and SIM Swapping

The criminals' methodology is classic, but no less destructive for it. They achieved initial infiltration into the infrastructure not through complex technical hacks, but through social engineering. Using specialized software, the attackers gained access to the corporate email of telecommunications company employees. This gave them the keys to managing the victims' phone numbers.

Next came SIM swap attacks. By intercepting or cloning the target's SIM card, the criminals gained control over SMS messages and email. This allowed them to reset passwords, bypass two-factor authentication, and seize accounts on cryptocurrency exchanges. After that, the digital assets were instantly withdrawn.

The vulnerability on which this scheme is built is as old as the hills: reliance on a phone number as a security factor. Despite numerous warnings, many services still allow account recovery via phone number, making them easy prey.

Money Laundering and the International Trail

The stolen funds quickly dispersed through a sprawling financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of the laundering at tens of millions of zlotys (several million dollars). This is comparable to other European cryptocurrency money laundering networks dismantled over the past year.

It is important to note that the investigation is being overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that the victims or infrastructure are located outside of Poland. This is further confirmation of the global nature of crypto crime, where international cooperation is becoming not just desirable, but a mandatory condition for successful combat.

The CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation. Unconfirmed information circulates on social media about a connection between one of the individuals involved and the well-known pseudonym Merry, but official sources do not comment on this data. It is clear that this is just the beginning, and more arrests lie ahead.

Expert Opinion: This case is yet another reminder that the security of crypto assets begins not with storage on a cold wallet, but with the basic principles of digital hygiene. Using SMS for 2FA is an anachronism that makes an investor an easy target. Hardware security keys (like YubiKey) or authenticator apps should become the standard for anyone holding significant sums in cryptocurrency.