Dismantling an international SIM-swapping network: Poland and the FBI strike against cryptocurrency thieves
A joint operation by Poland's Central Cybercrime Bureau (CBZC) and U.S. law enforcement agencies — the FBI and Homeland Security Investigations — has led to the arrest of four members of an organized criminal group specializing in cryptocurrency theft through SIM swap attacks. This is yet another confirmation that cybercrime in the digital asset space is no longer a local issue and requires coordinated efforts at the interstate level.
How the Criminal Scheme Operated
According to investigation materials, the perpetrators did not directly hack systems. Their primary tool was social engineering — psychological manipulation aimed at obtaining confidential data from telecommunications company employees. Using specialized malware, they gained access to corporate email, which then allowed them to launch SIM swap attacks: cloning or intercepting victims' phone numbers.
Once they gained control over SMS and email, the criminals reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. Digital assets were then withdrawn from these accounts. The scheme exploits a long-known vulnerability: many services still allow account recovery via phone number, despite regular security issues with telecom operators.
According to FBI estimates, losses from SIM swap attacks on bank and crypto accounts in the United States alone exceeded $68 million in 2021. The current case, in which the scale of money laundering is estimated at tens of millions of zlotys (several million dollars), is consistent with this alarming statistic.
Money Laundering and International Trail
The stolen funds were quickly distributed across an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The prosecutor's office noted that the suspects viewed this scheme as a permanent source of income.
The investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. This is not the first case of international cooperation: the FBI has previously arrested organizers of similar SIM swap schemes. The CBZC, established in 2022, has not yet disclosed the names of those arrested, citing the ongoing investigation, but unconfirmed reports on social media suggest a link between one of the accused and the well-known pseudonym Merry.
Cryptalist Analysis: This arrest is an important signal for the entire industry. It once again underscores that the security of crypto assets begins not with storage in a cold wallet, but with the fundamental security protocols of telecom infrastructure. Until telecom operators implement strict measures against SIM card interception, and exchanges abandon SMS authentication as the primary 2FA method, we will continue to see more such cases. Investors should immediately switch to hardware security keys or authenticator apps.