Major operation: Poland and the FBI have disrupted a group that was stealing cryptocurrencies through SIM swapping.
The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized group specializing in cryptocurrency theft. The attackers' primary tool was a classic, yet no less destructive, SIM swap attack. The detainees face up to 25 years in prison on charges of forming a criminal organization, unauthorized access to computer systems, and money laundering.
How the criminal chain operated
During the investigation, it was revealed that the group did not directly hack systems but used social engineering methods. Initial access to the IT infrastructure of telecommunications companies was obtained through psychological manipulation of employees. Specialized malware provided access to corporate email, allowing criminals to obtain confidential data and credentials.
After gaining control of the victim's phone number via a SIM swap, the attackers intercepted SMS messages and email. This enabled them to reset passwords, bypass two-factor authentication, and gain full access to accounts on cryptocurrency exchanges. Digital assets were then immediately withdrawn. The scheme is cynically simple: it exploits the fact that many services still allow account recovery via phone number, despite the long-known risks.
International trail and scale of damage
The stolen funds quickly dissipated through a sprawling financial network, including bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the scale of money laundering at tens of millions of zlotys, comparable to other high-profile cases involving the dismantling of crypto networks in Europe over the past year.
This case is being overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. This is further confirmation that international coordination is becoming a mandatory condition for combating cybercrime in the crypto industry. Similar precedents, including the theft of approximately $400 million from the bankrupt FTX exchange in 2022, demonstrate that law enforcement agencies have learned to work effectively across borders.
The CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation. Unconfirmed information has appeared on social media linking one of the individuals to the well-known pseudonym Merry, but there is no official confirmation of this. The case remains open, and further arrests are not ruled out.
Analyst's opinion: This operation is a powerful signal for the entire crypto community. SIM swapping remains one of the most dangerous and underestimated threats. Investors are strongly advised to disconnect their phone numbers from crypto accounts and use hardware keys or authenticator apps for 2FA. History shows that if attackers can gain access to your number, your assets are at risk, regardless of how secure the exchange itself is.