Poland and the FBI struck a blow against SIM swappers: a group that stole millions of dollars in cryptocurrencies was detained.
The Central Cybercrime Bureau of Poland (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four suspects involved in organizing a major cryptocurrency theft scheme. The criminal group operated using a classic, yet no less dangerous, SIM-swapping scheme, which allows attackers to intercept control over victims' digital assets.
The investigation revealed that the criminals did not directly hack systems. Their main tools were social engineering and specialized malware that provided access to the corporate email of employees at companies collaborating with telecommunications operators. After obtaining the necessary data, the group launched the attack: they cloned or intercepted victims' SIM cards, gained access to SMS and email, reset passwords, and bypassed two-factor authentication. The final stage involved taking over accounts on cryptocurrency exchanges and withdrawing funds.
According to the FBI, losses from SIM-swapping in the U.S. alone exceeded $68 million in 2021. However, the Polish case demonstrates that the problem is global in nature. The stolen funds quickly spread through a branched financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets. The investigation estimates the scale of money laundering at tens of millions of zlotys—comparable to other European cryptocurrency laundering networks dismantled over the past year.
International Cooperation and Undisclosed Details
The investigation is overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI indicates that the victims or infrastructure are located outside Poland. Such crimes increasingly require joint efforts from agencies in different countries. Notably, the CBZC has not yet disclosed the names or photographs of the detainees, citing the ongoing investigation. Unconfirmed information has appeared on social media linking one of the accused to the well-known pseudonym Merry, but the police have not commented on this version.
Expert opinion: This operation is yet another reminder that the weak link in crypto asset security is often not blockchain technology, but the human factor and vulnerabilities in telecommunications infrastructure. As long as exchanges and services rely on SMS authentication, SIM-swapping will remain one of the most effective tools in cybercriminals' arsenals. I recommend all users switch to hardware security keys or authenticator apps not tied to a phone number.