25.06.2026
23:38

Poland and the FBI struck a blow against a SIM-swapping network: four detained

Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four suspected members of an organized criminal group. The group's primary activity was stealing cryptocurrencies using SIM swap methods.

How the digital asset theft scheme worked

The investigation revealed that the perpetrators did not simply hack systems but chained several steps together. They gained initial access to the IT infrastructure of companies collaborating with telecom operators through social engineering, that is, psychological manipulation of employees to obtain confidential data. Specialized malware was also used to gain access to work correspondence.

Once they obtained the necessary credentials, the group launched SIM swap attacks. They cloned or intercepted victims' phone numbers, gaining full control over SMS and email. This allowed them to reset passwords, bypass SMS-based two-factor authentication (2FA), and take over accounts on cryptocurrency exchanges. The funds were then withdrawn through a complex network of wallets and shell accounts.

Scale of damage and international investigation

The investigation estimates the sums laundered through these schemes at tens of millions of dollars. Although the exact damage caused by this specific group has not yet been disclosed, it is worth noting that, according to the FBI, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021. This confirms that such schemes remain one of the most dangerous threats to cryptocurrency holders.

Interestingly, the case is being handled by the Regional Prosecutor's Office in Krakow, and the involvement of U.S. intelligence agencies indicates the international nature of the crimes. This suggests that victims or the infrastructure used are located outside Poland. Such cooperation is becoming the norm: last year, the FBI detained the organizers of major SIM swap schemes, including those linked to the theft of approximately $400 million from the bankrupt FTX exchange.

The detainees face up to 25 years in prison on charges of forming a criminal organization, hacking computer systems, and money laundering. The CBZC has not yet disclosed the suspects' names, citing the ongoing investigation, but unconfirmed information circulating on social media links one of them to the well-known pseudonym Merry.

Expert opinion: This operation is yet another reminder of how vulnerable the "phone number + SMS" combination remains. The crypto industry must more actively transition to hardware security keys (e.g., YubiKey) and authenticator apps. Relying solely on a SIM card to protect assets is an invitation to theft, and law enforcement understands this perfectly well.