26.06.2026
00:53

Major Operation: Poland and FBI Disrupt Group That Stole Cryptocurrencies via SIM Swapping

As part of a large-scale international operation, Poland's Central Cybercrime Bureau (CBZC), together with the FBI and the U.S. Homeland Security Investigations (HSI), detained four members of an organized criminal group. The perpetrators specialized in stealing digital assets using the SIM swap attack method — one of the most dangerous and difficult-to-trace threats in the modern crypto industry.

The investigation established that the criminals operated according to a well-coordinated and technically complex scheme. In the first stage, they gained access to the IT systems of companies cooperating with telecommunications operators. Notably, the initial breach was carried out not through technical hacking but through social engineering, that is, psychological manipulation to obtain confidential data. Using specialized malware, the group gained access to employees' corporate email accounts.

Attack Mechanics and Scale of Damage

Having obtained the necessary data, the criminals launched SIM swap attacks. They cloned or intercepted victims' phone numbers, gaining full control over their SMS and email inboxes. This allowed them to reset passwords and bypass two-factor authentication on crypto exchanges, after which they took over accounts and withdrew assets.

According to the FBI, in 2021 alone, losses from SIM swap attacks in the U.S. exceeded $68 million, with a significant portion of the losses attributed to crypto accounts. This highlights a systemic vulnerability: many services still rely on phone numbers for account recovery, which makes accounts on those services easy targets.

Money Laundering and International Cooperation

The stolen funds were instantly distributed across an extensive financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of money laundering at tens of millions of zlotys (several million dollars). This is comparable to other European crypto money laundering networks dismantled over the past year.

Although the CBZC has not yet disclosed the names of the detainees, unconfirmed reports have emerged online linking one of them to the well-known pseudonym Merry. Given that the investigation is being overseen by the Regional Prosecutor's Office in Krakow with the participation of the FBI and HSI, this case could have far-reaching consequences. It is clear that international crimes in the crypto industry require precisely this kind of coordinated approach.

My analysis: This case is yet another reminder that the security of crypto assets directly depends on the security of telecommunications infrastructure. As long as exchanges and services rely on SIM-based authentication, we will continue to see similar incidents. Investors should be strongly advised to use hardware security keys (YubiKey, Ledger) and avoid linking phone numbers to critical accounts.