A network of SIM swappers has been dismantled: Poland and the FBI strike against crypto cybercrime
The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The primary tool used by this cell to steal cryptocurrency was SIM swapping attacks.
The detainees are charged with creating a criminal organization, unauthorized access to computer systems for the purpose of theft, and subsequent laundering of stolen digital assets. All four have been taken into custody pending trial. The maximum penalty they face under the combined charges is up to 25 years in prison.
Attack Mechanics: Social Engineering and Telecom Operator Weaknesses
The scheme used by the attackers is not new, but remains alarmingly effective. They gained initial access to infrastructure not through sophisticated technical hacking, but via social engineering methods. Specialized software and manipulation of employees at companies working with telecom operators allowed them to gain access to corporate email.
Having obtained the necessary data, the group launched a classic SIM swapping attack: having the victim's phone number moved to a SIM card under their control, so that calls and SMS messages were delivered to them instead of the victim. With control over SMS and email, the criminals reset passwords on cryptocurrency exchanges, bypassed SMS-based two-factor authentication (2FA), and took over accounts. Digital assets were then immediately withdrawn.
The success of this scheme directly points to a vulnerability that many services have yet to address: the ability to recover account access using a phone number. According to the FBI, losses from such attacks in the U.S. alone exceeded $68 million in 2021.
International Trail and Scale of Laundering
The stolen funds were quickly distributed across a sprawling financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. According to investigators, the scale of money laundering amounts to tens of millions of zlotys (millions of dollars). This is comparable to other major European cryptocurrency laundering networks dismantled over the past year.
The fact that the FBI and HSI joined the investigation clearly indicates the international nature of the crimes. Victims or infrastructure are located outside of Poland. International cooperation in combating crypto crime is becoming a necessity, not a luxury.
The CBZC, established in 2022, has not yet disclosed the names or photos of the detainees, citing the ongoing investigation. Unconfirmed information has appeared on social media linking one of the accused to the well-known pseudonym Merry, but there is no official confirmation. It is clear that the case remains open, and further arrests may follow.
Expert Opinion: This case is yet another reminder that SMS-based two-factor authentication is a security relic. Investors and market participants are strongly advised to switch to hardware keys (YubiKey) or time-based one-time password (TOTP) authenticators and, most importantly, never link critical accounts to a phone number. Telecom infrastructure remains the weakest link in this chain.