Poland and the FBI struck a blow against an organized SIM-swapping group: millions in cryptocurrency stolen.
Poland's Central Cybercrime Bureau (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. These individuals are suspected of systematically stealing cryptocurrencies using the SIM swap method.
The investigation established that the perpetrators did not limit themselves to technical hacking. They gained initial access to the IT systems of companies that work with telecommunications operators through social engineering, that is, psychological manipulation aimed at extracting confidential data. In addition, specialized malicious software was used to gain access to employees' work email accounts.
How the theft scheme worked
Having obtained the necessary privileges, the criminals launched SIM swap attacks. They cloned or intercepted their victims' phone numbers. By taking control of SMS and email, they reset passwords, bypassed two-factor authentication, and gained access to cryptocurrency accounts. The digital assets were then transferred to wallets under their control.
This scheme exploits a critical vulnerability that we, as analysts, have been warning about for years: many services still allow account recovery via phone number, despite ongoing security issues at telecom companies. According to FBI data, losses from SIM swap attacks in the United States alone exceeded $68 million in 2021.
Money laundering and international connections
The stolen funds were quickly dispersed through an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of money laundering at tens of millions of zlotys, comparable to other European cryptocurrency laundering networks dismantled over the past year.
The investigation is being overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. This is further confirmation that international crimes in the crypto industry require coordinated efforts between agencies from different countries. Similar cooperation has been observed in the arrests of organizers of other SIM swap schemes.
Those detained are charged with forming a criminal organization, hacking computer systems, and money laundering. They face up to 25 years in prison. The CBZC, established in 2022, has not yet disclosed the suspects' names, citing the ongoing investigation, although unconfirmed information has emerged online linking one of them to the well-known pseudonym Merry.
My analysis: This operation is a clear signal that law enforcement agencies are beginning to systematically target not just individual hackers, but entire criminal networks. The SIM swap vulnerability will remain a serious threat until the industry abandons SMS authentication in favor of more reliable methods, such as hardware security keys. Investors should immediately review their security measures.
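The weakness described in the scheme above (account recovery tied to a phone number, and SMS codes accepted as a second factor) and the remedy proposed in the analysis (hardware security keys instead of SMS) are both enforced on the service side by a recovery-request policy. The following Python is an added illustration written for this article; it is not code from the CBZC, the FBI, or any affected exchange. The carrier-side "SIM last changed" signal, the 72-hour cooldown, the 30-day new-device window and the sample accounts are assumptions constructed for the example.

```python
"""Recovery-request policy evaluator: a service-side control against SIM-swap
account takeover. Illustrative example; thresholds and signals are assumed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy thresholds; tune them to your own risk appetite.
SIM_CHANGE_COOLDOWN = timedelta(hours=72)   # distrust SMS this long after a SIM/port change
NEW_DEVICE_WINDOW = timedelta(days=30)      # a device first seen more recently than this is "new"


@dataclass
class Account:
    user_id: str
    factors: set                              # enrolled factors, e.g. {"sms", "email", "webauthn"}
    sim_last_changed: Optional[datetime]      # carrier signal; assumed to come from a telco lookup
    known_devices: dict = field(default_factory=dict)  # device_id -> first_seen


@dataclass
class Request:
    action: str        # "password_reset" or "withdraw"
    factor_used: str   # factor presented with this request
    device_id: str
    at: datetime


@dataclass
class Decision:
    verdict: str       # "allow", "step_up" or "deny"
    reasons: list


def evaluate(account: Account, req: Request) -> Decision:
    """Apply the three rules in order of severity and return the first verdict that fires."""
    reasons = []
    # 1. An SMS code presented shortly after a SIM/port change is exactly the
    #    SIM-swap pattern: refuse it outright rather than merely stepping up.
    if req.factor_used == "sms" and account.sim_last_changed is not None:
        if req.at - account.sim_last_changed < SIM_CHANGE_COOLDOWN:
            reasons.append("sms factor used within cooldown after SIM change")
            return Decision("deny", reasons)
    # 2. Where a phishing-resistant factor is enrolled, SMS or email may never
    #    substitute for it on recovery or fund movement.
    if "webauthn" in account.factors and req.factor_used in ("sms", "email"):
        reasons.append("webauthn enrolled; weaker factor cannot substitute for it")
        return Decision("step_up", reasons)
    # 3. Fund movement from an unrecognised or recently seen device needs a step-up.
    first_seen = account.known_devices.get(req.device_id)
    if req.action == "withdraw" and (first_seen is None or req.at - first_seen < NEW_DEVICE_WINDOW):
        reasons.append("withdrawal from new device")
        return Decision("step_up", reasons)
    return Decision("allow", reasons)


def demo() -> dict:
    """Replay a constructed sequence resembling the scheme in the article."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed: time of the SIM change
    old_laptop = {"laptop-home": t0 - timedelta(days=400)}
    weak = Account("victim-1", {"sms", "email"}, sim_last_changed=t0, known_devices=dict(old_laptop))
    strong = Account("victim-2", {"sms", "email", "webauthn"}, sim_last_changed=t0,
                     known_devices=dict(old_laptop))
    return {
        # SMS password reset two hours after the carrier moved the number: denied.
        "sms_reset_right_after_swap": evaluate(
            weak, Request("password_reset", "sms", "new-phone", t0 + timedelta(hours=2))).verdict,
        # Same reset after the cooldown on an SMS-only account: the weak baseline allows it.
        "sms_reset_after_cooldown": evaluate(
            weak, Request("password_reset", "sms", "new-phone", t0 + timedelta(days=5))).verdict,
        # Withdrawal from a device the account has never seen: step-up required.
        "withdraw_new_device": evaluate(
            weak, Request("withdraw", "password", "new-phone", t0 + timedelta(days=5))).verdict,
        # Hardware key enrolled: SMS can never stand in for it, even after the cooldown.
        "sms_reset_with_webauthn": evaluate(
            strong, Request("password_reset", "sms", "laptop-home", t0 + timedelta(days=5))).verdict,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The second scenario is the instructive one: once the cooldown has passed, an SMS-only account is fully exposed again, which is why the rule set only becomes robust when a phishing-resistant factor such as a hardware key is enrolled and rule 2 can fire. The "SIM last changed" signal is assumed to be obtainable from the carrier; without it, rule 1 cannot run and the policy degrades to rules 2 and 3.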