Joint operation by Poland and the FBI dismantles a network stealing cryptocurrency through SIM swapping
The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four alleged members of an organized criminal group. The perpetrators specialized in stealing digital assets through SIM swap attacks—a method where criminals take control of the victim's phone number.
The detainees are charged with creating a criminal organization, unauthorized access to computer systems, and money laundering. All four will remain in custody pending trial, and each faces up to 25 years in prison. This case is a vivid example of how international law enforcement cooperation can effectively combat cyber threats in the crypto industry.
Attack Mechanics: From Social Engineering to Exchange Account Takeover
As the investigation revealed, the criminals did not use complex technical hacks for initial penetration. Their main tool was social engineering—psychological manipulation aimed at gaining access to confidential data of telecommunications company employees. Using specialized software, they accessed work correspondence and then launched a SIM swap attack.
By taking control of the victim's phone number, the attackers intercepted SMS and emails, allowing them to reset passwords and bypass two-factor authentication. After that, they gained full access to cryptocurrency accounts on exchanges. The scheme, unfortunately, is as old as the hills but remains effective: many services still rely on phone number-based account recovery, which is a critical vulnerability.
According to the FBI, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021. In this Polish case, the scale of money laundering is estimated at tens of millions of zlotys (several million dollars), comparable to other major European crypto money laundering networks dismantled over the past year.
Global Trail and Unrevealed Details
The investigation, overseen by the Regional Prosecutor's Office in Krakow, is ongoing. The fact that the FBI and HSI have joined the case points to the international nature of the crime—victims or infrastructure are located outside Poland. This confirms a trend: cross-border crimes in the crypto industry require coordinated efforts by agencies from different countries.
The CBZC has not yet disclosed the names of the suspects or published their photos, citing the ongoing investigation. An unconfirmed claim has appeared on social media that one of the accused is linked to the well-known pseudonym Merry, but the police have not commented on this information. The case remains open, and further arrests are not ruled out.
Expert Commentary: SIM swapping remains one of the most dangerous yet underestimated attack vectors in the crypto industry. This case is another reminder that relying on SMS authentication to protect digital assets is an anachronism. I strongly recommend investors switch to hardware security keys (e.g., YubiKey) or authenticator apps, and exchanges tighten their account recovery procedures.