A network of SIM swappers has been dismantled: Poland and the FBI strike against cryptocurrency thieves
The Central Cybercrime Bureau of Poland (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation that resulted in the detention of four key figures of an organized criminal group. These individuals are suspected of systematically stealing digital assets using social engineering methods and SIM swap attacks.
The detainees are charged with creating a criminal organization, illegal access to computer systems for theft, and laundering criminal proceeds. All four have been taken into custody pending trial. The maximum penalty they face under the combined charges is up to 25 years in prison.
How the scheme worked: from social engineering to account takeover
The investigation established that the criminals did not exploit software vulnerabilities to break in. Their initial access to the IT infrastructure of companies cooperating with telecom operators was obtained through phishing and social engineering of employees; the malware delivered this way then gave them access to the employees' work correspondence.
Having obtained the necessary data, the group launched SIM swap attacks: having a victim's phone number reassigned to a SIM under their control. With the number in hand they received the victim's SMS messages, used them to reset passwords and bypass SMS-based two-factor authentication (2FA), took over the associated email and then the accounts on cryptocurrency exchanges. The digital assets were withdrawn immediately afterwards.
This scheme is a classic example of a weakness that many market players continue to ignore: tying account recovery and second-factor delivery to a phone number, which the account holder does not actually control and the carrier can reassign. According to FBI estimates, losses from SIM swap attacks in the U.S. alone exceeded $68 million in 2021.
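The mitigation that exchanges and carriers apply against exactly this chain is to stop trusting SMS for a cooldown period after a SIM change or port-out, and to accept only a device-bound factor such as TOTP in that window. The following is an added illustration, not code from the article, the CBZC or any exchange: the carrier event feed format, the 72-hour window, the account fields and all phone numbers are assumptions made for the example; the TOTP routine follows RFC 6238 with SHA-1 and 30-second steps.

```python
"""Recovery-policy check against SIM swap: refuse SMS-based recovery/2FA
shortly after a SIM change, accept TOTP instead.
Added example; event format, phone numbers and the 72h window are assumed."""
from __future__ import annotations
import base64
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

SIM_CHANGE_COOLDOWN = timedelta(hours=72)   # assumed policy window


@dataclass
class Account:
    user: str
    phone: str
    totp_secret: Optional[bytes] = None
    # timestamps of SIM-change / port-out notices received from the carrier
    sim_changes: List[datetime] = field(default_factory=list)


def parse_carrier_events(lines: List[str]) -> List[Tuple[datetime, str]]:
    """Parse constructed carrier notices of the form '<ISO-8601 time> SIM_CHANGE <phone>'."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] != "SIM_CHANGE":
            continue                       # ignore anything we do not understand
        ts = datetime.fromisoformat(parts[0]).astimezone(timezone.utc)
        events.append((ts, parts[2]))
    return events


def apply_carrier_events(accounts: Dict[str, Account], events) -> None:
    """Attach each SIM-change notice to the account that owns that phone number."""
    by_phone = {a.phone: a for a in accounts.values()}
    for ts, phone in events:
        if phone in by_phone:
            by_phone[phone].sim_changes.append(ts)


def sms_trusted(account: Account, now: datetime) -> bool:
    """SMS is only trusted once every SIM change is older than the cooldown."""
    return all(now - t > SIM_CHANGE_COOLDOWN for t in account.sim_changes)


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HOTP over the time counter, HMAC-SHA1, dynamic truncation)."""
    counter = int(for_time // step)
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def verify_totp(secret: bytes, code: str, for_time: float, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps to absorb clock drift."""
    return any(hmac.compare_digest(totp(secret, for_time + k * 30), code)
               for k in range(-window, window + 1))


def decide_recovery(account: Account, channel: str, now: datetime,
                    code: Optional[str] = None) -> Tuple[str, str]:
    """Decide an account-recovery / 2FA attempt over 'sms' or 'totp'."""
    if channel == "sms":
        if not sms_trusted(account, now):
            return "deny", "recent SIM change: SMS channel untrusted, use TOTP"
        return "allow", "sms"              # still the weakest option, but outside cooldown
    if channel == "totp":
        if account.totp_secret is None:
            return "deny", "TOTP not enrolled"
        if code is not None and verify_totp(account.totp_secret, code, now.timestamp()):
            return "allow", "totp"
        return "deny", "bad TOTP code"
    return "deny", "unknown channel"


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed scenario: the victim's number is swapped at 10:00 on 1 May (assumed)."""
    secret = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")   # "12345678901234567890"
    accounts = {"alice": Account("alice", "+48000000001", totp_secret=secret)}
    feed = ["2024-05-01T10:00:00+00:00 SIM_CHANGE +48000000001",       # constructed
            "2024-05-01T11:30:00+00:00 SIM_CHANGE +48000000002"]       # someone else's number
    apply_carrier_events(accounts, parse_carrier_events(feed))
    alice = accounts["alice"]
    soon = datetime(2024, 5, 2, 9, 0, tzinfo=timezone.utc)     # 23h after the swap
    later = datetime(2024, 5, 5, 9, 0, tzinfo=timezone.utc)    # 95h after the swap
    return {
        "sms_soon": decide_recovery(alice, "sms", soon),
        "totp_soon": decide_recovery(alice, "totp", soon, totp(secret, soon.timestamp())),
        "totp_wrong": decide_recovery(alice, "totp", soon, "000000"),
        "sms_later": decide_recovery(alice, "sms", later),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:11s} -> {verdict[0]:5s} ({verdict[1]})")
```

The carrier notice feed is the moving part: without a port-out or SIM-change signal from the operator, an exchange cannot know the number has changed hands, which is why the only robust fix is the one the article's closing comment gives, dropping SMS as a factor altogether.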
Money laundering and international trail
The stolen funds quickly dispersed through a sprawling financial network. Investigators note that the suspects viewed this scheme as a permanent source of income. Personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets were used for money laundering.
The scale of money laundering is estimated at tens of millions of zlotys, equivalent to several million dollars, comparable to other major European cryptocurrency laundering networks dismantled over the past year. The investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI suggests that victims or infrastructure are located outside Poland.
Notably, similar cases are also being investigated in the U.S. Federal indictments describe the same pattern of SIM swapping followed by takeover of exchange accounts. One of the largest such operations led to the theft of approximately $400 million from the bankrupt FTX exchange in 2022.
The CBZC, established in 2022, has not yet disclosed the names of the suspects or published their photos, citing the ongoing investigation. Physical evidence has already been seized during the operation. Unconfirmed information circulates on social media linking one of the accused to the well-known pseudonym Merry, but the police do not comment on this version.
Expert comment: This operation is yet another confirmation that law enforcement agencies are working increasingly actively and effectively at the intersection of traditional cybercrime and cryptocurrencies. SIM swapping remains one of the most underestimated threats. I strongly recommend that all users switch to hardware security keys (e.g., YubiKey) or app-based authenticators (TOTP), completely abandoning SMS as a 2FA factor. Ignoring this recommendation is a direct path to losing funds.