25.06.2026
22:09

Poland and the FBI struck a blow against a SIM-swapping network: four suspects in cryptocurrency theft behind bars

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation that resulted in the detention of four suspects involved in organizing a cryptocurrency theft scheme based on SIM swapping. The case is yet another reminder that vulnerabilities in telecommunications infrastructure remain the "Achilles' heel" of digital asset security.

As the investigation revealed, the criminals followed a well-established scheme. They initially gained access to telecom operators' systems less through technical hacking than through social engineering. Using psychological manipulation and specialized software, the perpetrators obtained access to the work correspondence of employees at the telecom operators' partner companies. Having secured the necessary privileges, the group launched SIM swap attacks, cloning or intercepting victims' phone numbers. With control of SMS and email, the criminals reset passwords, bypassed two-factor authentication (2FA), and gained full access to accounts on cryptocurrency exchanges.

Millions in losses and an international trail

The stolen funds were immediately funneled into an extensive financial network. Investigators from the Krakow Prosecutor's Office note that the suspects viewed this scheme as a permanent source of income. They used personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets. The total damage caused by the group's activities is estimated at tens of millions of zlotys, equivalent to several million dollars. This is comparable to other recently dismantled European cryptocurrency laundering networks.

The problem is global in nature. According to the FBI, SIM swap attacks in the United States alone caused losses of more than $68 million from bank and crypto accounts in 2021. One of the largest operations of this kind was linked to the theft of approximately $400 million from the bankrupt FTX exchange in 2022. Unconfirmed reports have already appeared on social media linking one of the detainees to the well-known pseudonym Merry, but the police have not commented on them.

The CBZC, established in 2022, has not yet disclosed the names of the suspects, citing the ongoing investigation. However, it is clear that this case is just the tip of the iceberg. International cooperation in investigating such cybercrimes is becoming not just desirable but vital.

Expert opinion: This case once again confirms the critical importance of using hardware security keys (e.g., YubiKey) instead of SMS confirmation for 2FA. As long as major exchanges and services do not make this method of protection mandatory, and telecom operators do not strengthen identity verification procedures when changing SIM cards, we will continue to see new waves of such attacks. The market must move toward a standard of "zero trust" in phone numbers.