Dismantling of an international SIM-swap network: Poland and the FBI arrest four suspects in cryptocurrency theft
The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four alleged members of an organized criminal group. The perpetrators specialized in stealing digital assets through SIM-swap attacks—one of the most dangerous and difficult-to-trace methods in the crypto industry.
How the group operated and why it matters for the market
The investigation established that the criminals did not directly hack systems. Their key tool was social engineering. They gained initial access to the IT infrastructure of telecommunications companies through psychological manipulation and specialized software that gave them access to employees' work email accounts. This was followed by a classic SIM-swap attack: cloning or intercepting the victim's phone number. Once they controlled the victim's SMS and email, the hackers reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges.
Funds from these accounts were instantly withdrawn. According to the FBI, losses from such attacks in the U.S. alone exceeded $68 million in 2021. This is just the tip of the iceberg: real losses, especially on an international level, amount to hundreds of millions of dollars. Personally, I have repeatedly warned: using SMS for 2FA is an anachronism that makes even the most secure wallets vulnerable.
Money laundering scheme and international cooperation
The stolen assets were quickly dispersed through a branching financial network. The investigation revealed tens of millions of zlotys (several million dollars) in circulation. Personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets were used. The Krakow Prosecutor's Office, overseeing the case, notes that the criminals viewed this scheme as a permanent source of income.
Notably, this is not the first time Polish law enforcement has worked in conjunction with the FBI. Previously, similar international investigations led to the dismantling of cryptocurrency money laundering networks in Europe. The most prominent example is the theft of approximately $400 million from the bankrupt FTX exchange in 2022, where SIM-swap attacks were also employed.
The CBZC has not yet disclosed the names of the detainees or published their photos, citing the ongoing investigation. Unconfirmed information has appeared on social media linking one of the accused to the well-known pseudonym Merry, but the police have not commented on this. One thing is clear: the case remains open, and further arrests may follow.
My verdict: This operation is another wake-up call for the entire crypto industry. Until exchanges and users switch to hardware keys or biometrics, SIM-swap will remain the cheapest and most effective weapon for hackers. Regulators should consider: perhaps it's time to require telecom operators to implement stricter number porting protocols.