26.06.2026
01:38

Poland and the FBI struck a blow against an international SIM-swapping network: four suspects detained

Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the arrest of four individuals. They are suspected of organizing a criminal group specializing in cryptocurrency theft through SIM swap attacks.

The detainees are charged with creating an organized criminal group, unauthorized access to computer systems for the purpose of theft, and money laundering. All four are currently in custody. If convicted, they face up to 25 years in prison.

How the criminal scheme worked: from social engineering to crypto wallet takeover

The group's methodology is a classic, but no less dangerous, example of a multi-stage attack. The perpetrators gained initial access to the IT systems of companies working with telecom operators not through complex hacking but through social engineering. By employing psychological manipulation and specialized software to access employees' work correspondence, they obtained confidential data.

Having acquired the necessary privileges, the group initiated SIM swap attacks. Simply put, they cloned or intercepted their victims' phone numbers. Gaining control over SMS messages and email, the criminals reset passwords, bypassed two-factor authentication (2FA), and fully took over accounts on cryptocurrency exchanges.

After this, the digital assets were immediately withdrawn. The entire scheme relies on a fundamental vulnerability: despite years of warnings, many services still allow account recovery via phone number, making SIM swapping one of the most effective tools in cybercriminals' arsenals. According to investigations, damages from such attacks in the U.S. alone exceeded $68 million in 2021.

Money laundering through an extensive network and international cooperation

Of particular interest in this case is the financial trail. The stolen funds were quickly distributed through an extensive network, including personal bank accounts both in Poland and abroad, as well as numerous payment services and multi-currency crypto wallets. The prosecutor's office noted that for the suspects, this scheme was not a one-time operation but a constant source of income. The scale of money laundering is estimated at tens of millions of zlotys, equivalent to several million dollars.

The fact that the FBI and HSI joined the investigation clearly indicates the international nature of the crime. The victims or the infrastructure used by the perpetrators are located outside Poland. This is further confirmation that modern cybercrimes in the crypto industry know no borders and require coordinated efforts from law enforcement agencies in different countries.

The CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation. Unconfirmed rumors are circulating online that one of the individuals may be linked to the well-known pseudonym Merry, but there is no official confirmation of this. It is clear that the case remains open, and we may see further arrests ahead.

Expert opinion: This case is yet another wake-up call for all market participants. Relying solely on SMS authentication to protect crypto assets is unforgivable negligence. Investors are strongly advised to switch to hardware security keys (e.g., YubiKey) or authenticator apps (Google Authenticator, Authy). Exchanges, for their part, should tighten account recovery procedures and implement more advanced systems for monitoring suspicious activity. Ignoring these measures makes you an easy target.