Polish special services and the FBI have struck a blow against crypto fraudsters: a group of SIM swappers has been detained.
The Central Bureau for Combating Cybercrime of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four alleged members of an organized criminal group. The primary tool of their trade was the classic, yet no less dangerous, SIM-swapping scheme, which allowed them to steal cryptocurrency assets worth millions of dollars.
How the Scheme Worked: From Social Engineering to Exchange Hacks
The investigation established that the perpetrators were not hackers in the classic sense. They gained initial access to the IT systems of companies that work with telecom operators through social engineering rather than technical intrusion. By manipulating employees, the criminals obtained confidential data, and they also used specialized software to access work correspondence.
Having obtained the necessary information, the group launched SIM-swap attacks, cloning or intercepting victims' phone numbers. With control over SMS and email, the criminals easily reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. This once again shows how weak account protection is when it is tied to a phone number.
According to the FBI, losses from such attacks in the United States alone exceeded $68 million in 2021, and this figure continues to grow. The stolen funds were quickly dispersed through an extensive financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The scale of money laundering is estimated at tens of millions of zlotys, or several million dollars.
International Cooperation and New Risks
The investigation is being overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI indicates that the victims or infrastructure are located outside of Poland. This is a typical picture for modern crypto crimes, which increasingly require joint efforts from agencies in different countries. Similar cooperation has been observed in the arrests of organizers of other major SIM-swap schemes.
The CBZC has not yet disclosed the names of the suspects, explaining that the investigation is ongoing. However, unconfirmed reports have already appeared on social media suggesting that one of the accused is linked to the well-known pseudonym Merry. The police do not comment on this information but emphasize that the case remains open and further arrests may follow.
Expert opinion: This case is yet another reminder that the cryptocurrency industry remains extremely vulnerable to attacks on telecommunications infrastructure. I strongly recommend that users abandon SMS authentication in favor of hardware keys or authenticator apps. Until exchanges and services implement more reliable security methods, SIM-swapping will remain one of the most effective tools in the arsenal of cybercriminals.