25.06.2026
21:37

Poland and the FBI struck a blow against an international group that stole cryptocurrency through SIM swapping.

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The suspects specialized in stealing digital assets through SIM swapping, that is, cloning or intercepting victims' phone numbers.

The detainees are charged with creating a criminal organization, unauthorized access to computer systems for the purpose of theft, and money laundering. All four are currently in custody. If convicted, each faces up to 25 years in prison.

How the scheme worked: from social engineering to account takeover

The criminals did not directly hack servers. Their initial access to the IT infrastructure of companies cooperating with telecom operators was obtained through social engineering methods. Using psychological manipulation and specialized software to intercept work correspondence, they acquired confidential data.

After obtaining the necessary privileges, the group launched SIM-swap attacks. By taking control of the victim's SMS messages and email, they reset passwords, bypassed two-factor authentication, and gained full access to accounts on cryptocurrency exchanges. The digital assets in these accounts were then immediately withdrawn.

This scheme exploits a fundamental vulnerability: many services still allow account recovery via phone number, despite recurring security issues with telecom companies. According to FBI estimates, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021, affecting both bank and crypto accounts.

International scope and money laundering

The stolen funds were quickly distributed through an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of money laundering at tens of millions of zlotys, equivalent to several million dollars. This is comparable to other European crypto money laundering networks dismantled in the past year.

Notably, the investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. This further confirms that international crimes in the crypto industry require coordinated efforts by law enforcement agencies from different countries.

The CBZC has not yet disclosed the names and photos of the detainees, citing the ongoing investigation. Unverified information has appeared on social media linking one of the accused to the well-known pseudonym Merry, but official sources have not commented on this. The case remains open, and further arrests are not ruled out.

Expert opinion: This case is a vivid illustration that even the most advanced technical security measures (2FA) can be nullified by a vulnerability in telecom infrastructure. For investors, this is a signal: using hardware security keys (e.g., YubiKey) as a second factor, rather than relying on SMS, is no longer a recommendation but a necessity for preserving assets.