Joint operation of Poland and the FBI: a group involved in cryptocurrency theft through SIM swapping has been dismantled.
The Central Cybercrime Bureau of Poland (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four suspects belonging to an organized criminal group. The group's primary specialization was cryptocurrency theft using the SIM-swap method. The detainees are charged with forming a criminal organization, unlawful access to computer systems, and money laundering. All four face up to 25 years in prison and have been taken into custody pending trial.
How the Criminal Scheme Worked
The investigation established that the perpetrators started not with technical hacking but with social engineering. Using psychological manipulation and specialized software, they gained access to the work correspondence of employees at companies collaborating with telecommunications operators. After obtaining the necessary data, the group launched SIM-swap attacks, cloning or intercepting victims' phone numbers. Having gained control over SMS messages and emails, the criminals reset passwords, bypassed two-factor authentication, and seized accounts on cryptocurrency exchanges. Digital assets from compromised accounts were then immediately withdrawn.
The scheme exploits a long-known vulnerability: despite regular security issues among telecom operators, many services still allow account recovery via phone number. According to the FBI, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021, and this figure continues to grow.
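The chain described above (number takeover, reset over SMS or email, immediate withdrawal) points to a control on the exchange side: hold any withdrawal that closely follows a credential reset confirmed over a channel tied to the phone number. The following Python is an added example, not part of the original report; the event format, the sim_change signal (assumed to come from a carrier SIM-change check) and the 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

HOLD = timedelta(hours=24)          # assumed cooldown, tune per risk policy
WEAK_CHANNELS = {"sms", "email"}    # channels an attacker controls after a SIM swap

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def withdrawals_to_hold(events, hold=HOLD):
    """Return [(account, withdrawal_ts, reason)] for withdrawals that follow a
    phone- or email-based credential reset within the hold window."""
    last_reset = {}   # account -> time of last reset over a weak channel
    last_sim = {}     # account -> time of last reported SIM change
    held = []
    for e in sorted(events, key=lambda e: parse(e["ts"])):  # logs may arrive unordered
        t, acct, kind = parse(e["ts"]), e["account"], e["type"]
        if kind == "sim_change":
            last_sim[acct] = t
        elif kind in ("password_reset", "2fa_reset") and e.get("channel") in WEAK_CHANNELS:
            last_reset[acct] = t
        elif kind == "withdrawal":
            reset = last_reset.get(acct)
            if reset is None or t - reset > hold:
                continue  # no recent weak-channel reset: let it through
            sim = last_sim.get(acct)
            if sim is not None and sim <= reset and reset - sim <= hold:
                reason = "reset via SMS/email after SIM change"
            else:
                reason = "reset via SMS/email"
            held.append((acct, e["ts"], reason))
    return held

# Constructed sample events; field names and values are hypothetical
SAMPLE = [
    {"ts": "2024-05-01T10:20:00", "account": "alice", "type": "withdrawal"},
    {"ts": "2024-05-01T10:00:00", "account": "alice", "type": "sim_change"},
    {"ts": "2024-05-01T10:05:00", "account": "alice", "type": "password_reset", "channel": "sms"},
    {"ts": "2024-05-01T10:07:00", "account": "alice", "type": "2fa_reset", "channel": "sms"},
    {"ts": "2024-05-01T09:00:00", "account": "bob", "type": "password_reset", "channel": "security_key"},
    {"ts": "2024-05-01T09:30:00", "account": "bob", "type": "withdrawal"},
    {"ts": "2024-05-01T08:00:00", "account": "carol", "type": "password_reset", "channel": "email"},
    {"ts": "2024-05-03T08:00:00", "account": "carol", "type": "withdrawal"},
    {"ts": "2024-05-02T12:00:00", "account": "dave", "type": "password_reset", "channel": "email"},
    {"ts": "2024-05-02T12:30:00", "account": "dave", "type": "withdrawal"},
]

if __name__ == "__main__":
    for row in withdrawals_to_hold(SAMPLE):
        print(row)
```

In the sample, a reset confirmed with a security key (bob) and a withdrawal made two days after an email reset (carol) pass, while the two withdrawals made minutes after an SMS or email reset are held.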
Money Laundering and International Investigation
The stolen funds were quickly dispersed through a branching financial network that used personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of money laundering at tens of millions of zlotys, equivalent to several million dollars. This is comparable to other European cryptocurrency money laundering networks dismantled over the past year.
The involvement of the FBI and HSI directly indicates the international nature of the crime: victims or infrastructure are located outside Poland. Such cross-border crimes in the crypto industry require coordinated efforts from agencies in different countries. This is not the first time international cooperation has led to the arrest of organizers of SIM-swap schemes.
The CBZC has not yet disclosed the names of the detainees or published their photos, citing the ongoing investigation. Unconfirmed reports have appeared online that one of the accused may be linked to the well-known pseudonym Merry, but the police have not commented on this claim. The case remains open, and further arrests are not ruled out.
Expert Comment: This case is yet another reminder that two-factor authentication via SMS is long outdated and extremely unreliable. To protect crypto assets, I strongly recommend using hardware security keys or authenticator apps. The crypto industry must more actively adopt advanced verification methods to stay ahead of criminals who are constantly refining their social engineering tools.