Elimination of a criminal network: Poland and the US strike against SIM-Swap fraudsters
The Central Cybercrime Bureau of Poland (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The suspects are accused of stealing cryptocurrencies using the SIM-Swap method. They face up to 25 years in prison on charges of forming a criminal organization, unauthorized access to computer systems, and money laundering.
How the criminal scheme worked
The group used a well-known yet effective scheme. Initial access to the infrastructure of telecommunications companies was obtained not through technical exploitation but through social engineering: psychological manipulation of employees to extract their confidential data. Specialized malware then gave the criminals access to work correspondence, allowing them to take control of employee accounts.
Then came the key step: the SIM swap itself. The criminals cloned or intercepted victims' phone numbers, so that the victims' SMS messages were delivered to SIM cards under the criminals' control. With the SMS channel in hand they could reset passwords on email accounts, pass SMS-based two-factor authentication, and take over accounts on cryptocurrency exchanges. The digital assets were then transferred to wallets the criminals controlled.
According to FBI estimates, losses from such attacks in the U.S. alone exceeded $68 million in 2021. That figure is only the tip of the iceberg, and this case vividly demonstrates how vulnerable any security scheme that relies on SMS verification remains.
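The takeover path described above, reduced to a small Python model so the failure and two countermeasures can be run side by side. This is an added illustration, not code from the investigation or from any exchange or carrier: the Carrier and Exchange classes, the phone number, the 72-hour min_sim_age_s rule and the fixed device secret are all constructed for the demo, and the model assumes the exchange can learn when a number's SIM was last changed, which the article does not describe.

```python
"""Toy model of a SIM-swap account takeover and two controls against it.
Constructed example; every name and value here is an assumption for the demo."""
import hashlib
import hmac
import secrets
import struct


class Carrier:
    """Toy carrier: an SMS goes to whoever currently holds the SIM for a number."""

    def __init__(self):
        self.holder = {}       # number -> current SIM holder
        self.changed_at = {}   # number -> epoch seconds of the last SIM change

    def provision(self, number, holder, now):
        self.holder[number] = holder
        self.changed_at[number] = now

    def deliver_sms(self, number, text):
        return self.holder[number], text


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1. The secret stays on the device, never in the SMS channel."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


class Exchange:
    """Toy exchange account-recovery endpoint (assumed design, not any real exchange's)."""

    def __init__(self, carrier: Carrier, min_sim_age_s: int = 0):
        self.carrier = carrier
        self.min_sim_age_s = min_sim_age_s   # 0 = naive: trust SMS unconditionally
        self.users = {}                      # name -> {"phone", "totp_secret"}
        self.pending = {}                    # name -> outstanding one-time reset code

    def register(self, name, phone, totp_secret=None):
        self.users[name] = {"phone": phone, "totp_secret": totp_secret}

    def request_sms_reset(self, name, now):
        """Send an SMS reset code and return (status, detail)."""
        phone = self.users[name]["phone"]
        changed = self.carrier.changed_at.get(phone)
        # Risk rule: a SIM changed very recently is the SIM-swap signal, so refuse the SMS
        # path and force a slower out-of-band recovery. Assumes the SIM-change time is available.
        if self.min_sim_age_s and changed is not None and now - changed < self.min_sim_age_s:
            return "blocked", "recent SIM change"
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[name] = code
        recipient, _ = self.carrier.deliver_sms(phone, f"Reset code: {code}")
        return "sent", recipient

    def complete_sms_reset(self, name, code):
        return hmac.compare_digest(self.pending.get(name, ""), code)

    def verify_totp(self, name, code, now):
        secret = self.users[name]["totp_secret"]
        # Accept the current and previous 30 s step to tolerate clock drift.
        return secret is not None and any(
            hmac.compare_digest(totp(secret, now - d), code) for d in (0, 30))


def run_scenario():
    """Victim alice enrolled long ago; attacker mallory had the SIM swapped one hour ago."""
    now = 1_700_000_000
    number = "+48500100100"                       # constructed number
    secret = b"constructed-device-secret-20"      # constructed TOTP secret
    carrier = Carrier()
    carrier.provision(number, "alice", now - 400 * 86400)
    carrier.provision(number, "mallory", now - 3600)   # the social-engineered swap
    results = {}

    # 1. Naive exchange: SMS is the sole recovery factor, so the swap wins outright.
    naive = Exchange(carrier)
    naive.register("alice", number, secret)
    status, recipient = naive.request_sms_reset("alice", now)
    stolen_code = naive.pending["alice"]          # mallory reads it off the swapped SIM
    results["naive_sms"] = (status, recipient, naive.complete_sms_reset("alice", stolen_code))

    # 2. Same flow with a 72 h SIM-age rule: the swap itself trips the block.
    hardened = Exchange(carrier, min_sim_age_s=72 * 3600)
    hardened.register("alice", number, secret)
    results["sim_age_rule"] = hardened.request_sms_reset("alice", now)

    # 3. TOTP factor: mallory holds the number but not the device secret, so can only guess.
    real = totp(secret, now)
    guess = "000000" if real != "000000" else "000001"   # any code other than the real one
    results["totp_attacker"] = hardened.verify_totp("alice", guess, now)
    results["totp_victim"] = hardened.verify_totp("alice", real, now)
    return results


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The point of the model is that the SMS reset code is delivered to whoever currently holds the SIM, so the exchange's check passes for the attacker as written; the SIM-age rule catches the swap as an event, and the TOTP check never depends on the carrier at all because the secret is shared between the exchange and the user's device only.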
Money laundering and international investigation
After cashing out, the criminals ran the proceeds through a complex money laundering chain. The stolen assets were spread across an extensive financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The scale of the laundering is estimated at tens of millions of zlotys (several million dollars), comparable to other major European crypto money laundering networks dismantled over the past year.
The investigation is being overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI suggests that victims or infrastructure are located outside Poland. The case shows clearly that cross-border crime in the crypto industry requires coordinated action by law enforcement agencies in different countries.
The CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation. An unconfirmed claim circulating on social media links one of the accused to the well-known pseudonym Merry, but the police have not commented on it.
Expert opinion: This case is yet another reminder that even the most basic social engineering methods remain extremely dangerous for the industry. Relying on SMS as a security factor is an anachronism. To protect assets, hardware keys and authenticator apps must be used. Without this, users and exchanges remain easy targets for organized groups that are operating increasingly professionally and on an international level.