A network of SIM swappers has been dismantled: a joint operation by Poland and the FBI
The Central Cybercrime Bureau of Poland (CBZC), with support from the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The attackers' primary tool is SIM swapping, a method that allows them to take control of victims' phone numbers to gain access to their cryptocurrency accounts.
Attack Scheme: From Social Engineering to Exchange Account Takeover
Analysis of the investigation shows that the group operated using a well-established, yet no less dangerous, scheme. Initial infiltration into the IT systems of companies collaborating with telecom operators was achieved not through technical hacking, but via social engineering methods. Specialized malware and psychological manipulation allowed the criminals to gain access to employees' corporate email. This gave them the key to managing SIM cards.
By launching a SIM swap attack, the perpetrators cloned victims' numbers. Gaining control over SMS and email, they reset passwords, bypassed two-factor authentication (2FA), and seized accounts on cryptocurrency exchanges. Digital assets were then instantly withdrawn. This scheme clearly demonstrates a critical vulnerability: many services still rely on phone number-based account recovery, making them easy targets.
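A defender-side view of the chain described above, as an added example that is not part of the original article: it scans account events and flags withdrawals that closely follow an SMS-based password reset, so they can be held for review. The event names, the sample events and the 24-hour window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): (account, ISO time, event type).
# The event type names are hypothetical, not taken from any real exchange.
EVENTS = [
    ("alice", "2024-05-01T10:00:00", "login_password"),
    ("bob",   "2024-05-01T11:00:00", "password_reset_sms"),
    ("bob",   "2024-05-01T11:04:00", "2fa_sms_challenge_passed"),
    ("bob",   "2024-05-01T11:09:00", "withdrawal_request"),
    ("carol", "2024-05-01T09:00:00", "password_reset_sms"),
    ("carol", "2024-05-03T09:00:00", "withdrawal_request"),
    ("dave",  "2024-05-01T12:00:00", "password_reset_totp"),
    ("dave",  "2024-05-01T12:05:00", "withdrawal_request"),
]

HOLD = timedelta(hours=24)  # assumed cooling-off window after an SMS-based reset


def withdrawals_to_hold(events, hold=HOLD):
    """Return (account, time) for withdrawals requested within `hold`
    of an SMS-based password reset on the same account."""
    last_sms_reset = {}  # account -> time of most recent SMS-based reset
    flagged = []
    # ISO timestamps in one format sort chronologically as strings.
    for account, ts, kind in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if kind == "password_reset_sms":
            last_sms_reset[account] = when
        elif kind == "withdrawal_request":
            reset = last_sms_reset.get(account)
            if reset is not None and when - reset <= hold:
                flagged.append((account, ts))
    return flagged


if __name__ == "__main__":
    for account, ts in withdrawals_to_hold(EVENTS):
        print(f"HOLD withdrawal for {account} at {ts}: follows SMS-based reset")
```

Resets completed with an authenticator code (`password_reset_totp` here) are not flagged, because a swapped SIM does not give the attacker that factor.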
Scale and Consequences: Money Laundering of Millions and International Cooperation
The stolen funds did not remain in one place. The investigation established that the money was quickly distributed across a sprawling financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. According to prosecutors, the volume of laundered funds amounts to tens of millions of zlotys, equivalent to several million US dollars. This is comparable to other major European cryptocurrency money laundering networks dismantled over the past year.
Notably, the FBI and HSI joined the investigation, indicating the international nature of the crime: victims or infrastructure are located outside of Poland. Such cooperation is becoming the standard for combating cross-border cybercrime in the crypto industry. The CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation, but unconfirmed rumors circulating online link one of them to the well-known pseudonym Merry.
Expert Opinion: This operation is yet another reminder that the security of crypto assets directly depends on the hygiene of the services you use. Relying on SMS authentication today is an unacceptable luxury. Using hardware security keys (e.g., YubiKey) or authenticator apps (Google Authenticator, Authy) is not paranoia, but a basic requirement for anyone storing significant amounts in digital assets. Criminals are constantly refining their social engineering methods, and your phone is the weakest link in this chain.