A network of SIM-swappers has been dismantled: Poland and the FBI strike against cryptocurrency thieves
An international operation conducted by Poland's Central Cybercrime Bureau (CBZC) in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI) has led to the arrest of four members of an organized group specializing in cryptocurrency theft through SIM swapping. This is one of the most significant cases in recent times, demonstrating how classic social engineering methods combined with telecom infrastructure vulnerabilities are turning into a serious threat to digital assets.
How the scheme worked: from phishing to wallet takeover
The attackers began by gaining initial access to the IT systems of companies working with mobile operators. Instead of complex technical hacking, they used social engineering methods—psychological manipulation and phishing attacks—to steal employee credentials. Using specialized software, the group gained access to work correspondence, after which they initiated a SIM swap: cloning or intercepting victims' phone numbers.
Having gained control over SMS and email, the criminals reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. Digital assets were then transferred to controlled wallets. Although the scheme is not new, it remains effective because many services still rely on phone number recovery. According to FBI estimates, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021.
Money laundering and international trail
The stolen funds were quickly distributed across an extensive financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets. Investigators estimate the scale of money laundering at tens of millions of zlotys, comparable to other European cryptocurrency laundering networks dismantled over the past year.
The case is being supervised by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI clearly indicates that victims or criminal infrastructure are located outside Poland. This is further confirmation that international crypto crimes require coordinated efforts from law enforcement agencies across different countries.
The CBZC has not yet disclosed the names of those arrested, citing the ongoing investigation. Unconfirmed information has appeared on social media linking one of the accused to the well-known pseudonym Merry, but there is no official confirmation of this. As the agency notes, the case remains open, and further arrests may follow.
Commentary from Cryptalist expert: This case is a stark reminder that even the most advanced crypto investors remain vulnerable due to weak links in the security chain, such as mobile communications. Using hardware wallets and abandoning SMS authentication in favor of authenticator apps is no longer a recommendation but a strict necessity for anyone holding significant amounts in digital assets.