Poland and the FBI Strike Against SIM Swappers: Four Suspects Detained for Cryptocurrency Theft
An international law enforcement operation led to the arrest of four members of an organized criminal group specializing in stealing digital assets through SIM swap attacks. The investigation was spearheaded by Poland's Central Cybercrime Bureau (CBZC) with active support from the FBI and U.S. Homeland Security Investigations (HSI).
How the Scheme Worked: From Social Engineering to Crypto Wallet Takeovers
The perpetrators used a well-practiced scheme that is no less dangerous for being familiar. They gained initial access to the IT infrastructure of companies working with telecom operators through social engineering rather than sophisticated technical hacking. Using psychological manipulation and specialized software to access employees' work correspondence, the criminals obtained confidential data.
Once in possession of the necessary information, the group launched SIM swap attacks — essentially cloning or intercepting victims' phone numbers. Gaining control over SMS and email, the attackers reset passwords, bypassed two-factor authentication (2FA), and gained full access to accounts on cryptocurrency exchanges. Digital assets were then immediately withdrawn.
Reliance on SMS verification remains one of the most critical weaknesses in the industry. Despite numerous warnings, many services still depend on it, making them easy targets for such groups. According to FBI estimates, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021.
Money Laundering and International Trail
The stolen funds were quickly "laundered" through an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of the laundering at tens of millions of zlotys, comparable to other major European cryptocurrency laundering networks dismantled over the past year.
Notably, the investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. This is further confirmation that cross-border crimes in the crypto industry require close coordination between law enforcement agencies from different countries.
At this time, the CBZC has not disclosed the names of those arrested, citing the ongoing investigation. Unconfirmed reports circulating online link one of the individuals to the well-known pseudonym Merry, but there is no official confirmation of this. All four will remain in custody pending trial and face up to 25 years in prison.
Cryptalist Analysis: This case is yet another reminder that security in the cryptocurrency sphere begins with basic principles. Using hardware security keys (like YubiKey) instead of SMS codes for 2FA is no longer a recommendation but a necessity for anyone holding significant sums in digital assets. Until the industry and users abandon outdated authentication methods, such schemes will continue, becoming only more sophisticated.