Polish law enforcement, with the support of the FBI, has dismantled a SIM-swapping group: a major blow to cryptocurrency crime.
Poland's Central Cybercrime Bureau (CBZC), in coordination with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The perpetrators specialized in SIM-swap attacks aimed at stealing cryptocurrency assets from exchange wallets.
The suspects face charges on multiple counts, including forming a criminal organization, unauthorized access to computer systems, and money laundering. All four are currently in custody. Under Polish law, the maximum penalty for these charges can reach 25 years in prison.
How the scheme worked: from social engineering to exchange account takeover
The criminals' methodology was typical of such cyber groups but featured a high level of organization. Initial infiltration was achieved not through technical hacking but via social engineering techniques. Using specialized software, they gained access to the corporate email accounts of employees at companies that cooperate with telecommunications operators.
Next, the SIM-swapping technique came into play. Having obtained the necessary data, the criminals cloned or intercepted victims' phone numbers. Gaining control over SMS messages and email, they reset passwords, bypassed two-factor authentication, and obtained full access to cryptocurrency accounts on exchanges.
It is worth noting that this vulnerability remains critical for the entire industry. Despite numerous warnings, many financial services still rely on phone number-based account recovery, making them easy targets for such attacks. According to FBI estimates, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021.
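The weakness described above is an account-recovery policy that treats possession of a phone number as proof of identity. The following Python is an added example, not code from the article or from any exchange or agency it mentions: it contrasts a "before" policy, in which an SMS code alone unlocks a password reset, with a hardened policy that requires a factor not bound to the phone number (authenticator app or hardware key) and discards phone-bound proofs for a cooldown window after a recent number change. The `sim_changed_at` field stands in for a hypothetical carrier signal that a SIM or number changed; the accounts and timestamps are constructed sample data. The audit helper lists accounts that are one SIM swap away from takeover.

```python
"""Recovery-policy check: refuse password resets that rest only on a phone number.

Added example; the accounts, factor names and the `sim_changed_at` signal are
constructed assumptions, not data from any real exchange or carrier.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional, Set, Tuple


class Factor(Enum):
    SMS = "sms"      # bound to the phone number: defeated by a SIM swap
    EMAIL = "email"  # frequently recoverable via SMS itself, so treated as weak
    TOTP = "totp"    # authenticator app, not tied to the number
    FIDO2 = "fido2"  # hardware security key


PHONE_BOUND = {Factor.SMS}
STRONG = {Factor.TOTP, Factor.FIDO2}


@dataclass
class Account:
    user: str
    factors: Set[Factor]
    # Hypothetical signal: when the carrier last reported a SIM/number change.
    sim_changed_at: Optional[datetime] = None


def weak_reset_allowed(account: Account, proven: Set[Factor]) -> bool:
    """'Before' policy: any single registered factor, SMS included, unlocks a reset."""
    return bool(proven & account.factors)


def hardened_reset_allowed(
    account: Account,
    proven: Set[Factor],
    now: datetime,
    cooldown: timedelta = timedelta(hours=48),
) -> Tuple[bool, str]:
    """'After' policy. Returns (allowed, reason).

    - A reset must be proven with at least one factor not tied to the phone number.
    - If the number changed within `cooldown`, phone-bound proofs are ignored entirely.
    """
    usable = set(proven & account.factors)
    if account.sim_changed_at is not None and now - account.sim_changed_at < cooldown:
        usable -= PHONE_BOUND  # a freshly swapped SIM proves nothing about the owner
    if not usable & STRONG:
        return False, "no strong (non-phone) factor proven"
    return True, "strong factor proven"


def phone_recoverable_accounts(accounts) -> list:
    """Audit helper: users with no strong factor registered, i.e. recoverable by number alone."""
    return sorted(a.user for a in accounts if not (a.factors & STRONG))


# Constructed sample data for the demonstration below.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    Account("alice", {Factor.SMS}),
    Account("bob", {Factor.SMS, Factor.TOTP}, sim_changed_at=NOW - timedelta(hours=2)),
    Account("carol", {Factor.FIDO2, Factor.EMAIL}),
]


if __name__ == "__main__":
    alice, bob, _ = SAMPLE_ACCOUNTS
    # Someone holding alice's number: the weak policy lets them reset, the hardened one does not.
    print("weak policy, SMS only   :", weak_reset_allowed(alice, {Factor.SMS}))
    print("hardened, SMS only      :", hardened_reset_allowed(alice, {Factor.SMS}, NOW))
    # bob's number changed two hours ago: SMS is discarded, TOTP is still required and sufficient.
    print("hardened, bob SMS       :", hardened_reset_allowed(bob, {Factor.SMS}, NOW))
    print("hardened, bob SMS+TOTP  :", hardened_reset_allowed(bob, {Factor.SMS, Factor.TOTP}, NOW))
    print("accounts to migrate     :", phone_recoverable_accounts(SAMPLE_ACCOUNTS))
```

The design point is that the hardened policy never lets an SMS code be the deciding proof; SMS can remain as a convenience or notification channel, but a reset succeeds only when a factor the carrier cannot reissue is presented. The audit helper is what a defender would run over a user table to find who still needs to be moved off number-only recovery.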
Money laundering and international investigation
After stealing the assets, the criminals ran a complex and extensive money laundering network. Stolen cryptocurrencies were quickly distributed across numerous wallets, including multi-currency ones, and converted into fiat currency through personal bank accounts in Poland and abroad. Law enforcement estimates the scale of the money laundering at tens of millions of zlotys, equivalent to several million dollars.
The international nature of the investigation, involving the FBI and HSI, indicates that the victims and the criminals' infrastructure were located outside Poland. This further confirms that combating crypto crime requires close coordination between agencies from different countries. Such cooperation has already proven effective in apprehending the organizers of other major SIM-swap schemes.
It is worth noting that the CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation. However, unofficial sources have already reported a possible connection of one of the suspects to the known pseudonym Merry, though there is no official confirmation of this. The case remains open, and further arrests are not ruled out.
Expert opinion: This case is not just another police report. It is a clear signal to the market that law enforcement systems in different countries have begun to effectively coordinate their efforts to combat cyber threats in the crypto sphere. For digital asset holders, this means that using a SIM card as the primary authentication factor is no longer acceptable. I strongly recommend switching to hardware security keys or authenticator apps not tied to a phone number.