Crypto news

26.06.2026
02:08

Joint Polish-FBI operation dismantles network of SIM swappers who stole millions of dollars in cryptocurrency

Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), has conducted a large-scale operation to detain an organized criminal group specializing in cryptocurrency theft. Four suspects, charged with forming a criminal organization, unauthorized access to computer systems, and money laundering, have been taken into custody. They face up to 25 years in prison.

How the Scheme Worked: From Social Engineering to Account Takeover

The criminals' methodology is a classic but highly effective SIM swap. They gained initial access to the IT systems of telecommunications companies not through technical hacking, but via social engineering and psychological manipulation of employees. Using specialized software to intercept work correspondence, the attackers obtained login credentials.

After gaining control over the operators' infrastructure, the group initiated the process of cloning or intercepting victims' phone numbers. By taking over SMS traffic and email, they reset passwords, bypassed two-factor authentication, and seized accounts on cryptocurrency exchanges. Digital assets were then instantly withdrawn.

The scheme exploits a fundamental yet unresolved vulnerability: many financial services allow account recovery via phone number, making them easy targets when mobile communications are compromised. According to the FBI, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021, and this figure continues to grow.

Money Laundering and International Trail

Stolen funds were instantly distributed across a sprawling financial network. The investigation established that personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets were used. The scale of money laundering is estimated at tens of millions of zlotys, comparable to other major European cases involving the dismantling of crypto laundering operations over the past year.

Notably, the investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or the infrastructure involved are located outside Poland. This is further confirmation of the global nature of modern cybercrime. Similar cases, including the theft of approximately $400 million from the bankrupt FTX exchange in 2022, are also being investigated in the U.S., pointing to a unified attack methodology.

The CBZC has not yet disclosed the names of the suspects, citing the ongoing investigation. However, unconfirmed reports are circulating online linking one of the individuals to the well-known pseudonym Merry. There is no official confirmation of this information, but it is clear that the case remains open, and further arrests may follow.

Analyst's Opinion: This case is a stark reminder that even the most advanced security protocols are helpless if the weak link remains the human factor at the level of telecom operators. For investors, this is a signal: relying solely on SMS authentication to protect assets is extremely dangerous. Hardware wallets and authenticator apps should become the standard, not a luxury.