Poland and the FBI struck a blow against a network of crypto scammers: four participants in SIM-swap attacks have been detained.
The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the arrest of four suspects involved in organizing a complex cryptocurrency theft scheme. The perpetrators, operating as part of an organized group, specialized in SIM swap attacks—a method that remains one of the most dangerous threats to digital asset holders.
Crime Mechanics: From Social Engineering to Account Takeovers
The investigation established that the criminals did not directly hack servers. They gained initial access to the IT systems of telecommunications companies through social engineering methods—psychological manipulation of employees. Using specialized software to intercept work correspondence, they obtained credentials and privileges.
Having gained control over the infrastructure, the group launched SIM swap attacks: cloning or intercepting victims' phone numbers. This allowed them to bypass two-factor authentication, reset passwords, and gain full access to accounts on cryptocurrency exchanges. Afterward, digital assets were quickly withdrawn.
According to the FBI, damages from SIM swap attacks in the U.S. alone exceeded $68 million in 2021. And this is just the tip of the iceberg. The scheme continues to work because many major services still rely on phone number-based account recovery—a fundamental vulnerability that attackers exploit with alarming efficiency.
Money Laundering and International Trail
The stolen funds were quickly distributed across an extensive financial network, including bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The Krakow Prosecutor's Office estimates the scale of money laundering at tens of millions of zlotys—equivalent to several million dollars. This is comparable to other major European crypto money laundering networks dismantled over the past year.
The case is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates the cross-border nature of the crimes. This is not the first time U.S. intelligence agencies have been brought in to investigate such schemes—criminal cases have already been opened in the U.S. regarding SIM swap attacks, including the theft of approximately $400 million from the bankrupt FTX exchange in 2022.
The CBZC, established in 2022, has not yet disclosed the names or photos of the detainees, citing the ongoing investigation. Unconfirmed information has appeared on social media about a possible connection between one of the accused and the known pseudonym Merry, but the police have not commented on this. The case remains open, and in my assessment, this is only the first round—further arrests are likely.
Analyst's Comment: This operation is a stark reminder that the security of crypto assets directly depends on protecting the perimeter beyond the blockchain. SIM swap attacks target the human factor and telecom infrastructure. I strongly recommend investors disconnect their phone numbers from exchange accounts and switch to hardware keys or authenticator apps. Until the crypto industry solves this systemic problem, we will see such arrests again and again.