26.06.2026
04:53

SIM-swap for millions: how Poland and the FBI dismantled an international cryptocurrency theft network

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), has conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The group specialized in stealing digital assets through SIM-swap attacks, a sophisticated method in which fraudsters take control of victims' phone numbers.

How the Criminal Scheme Worked

The investigation established that the criminals did not directly hack systems. They used social engineering techniques and specialized software to gain access to the corporate email of companies cooperating with telecom operators. Having obtained the necessary privileges, the group launched SIM-swap attacks: cloning or intercepting victims' phone numbers.

After gaining control over SMS and email, the attackers reset passwords, bypassed two-factor authentication, and obtained full access to accounts on cryptocurrency exchanges. The vulnerability is simple: despite repeated security warnings, many services still allow account recovery via phone number.

Scale and International Investigation

According to the FBI, losses from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021. In the current case, stolen funds were quickly dispersed through a sprawling financial network, including personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. Investigators estimate the volume of laundered funds at tens of millions of zlotys—several million dollars.

The Krakow Prosecutor's Office is coordinating the investigation, which has already extended beyond Poland's borders. The involvement of the FBI and HSI indicates that victims or infrastructure are located in the U.S. This is logical: international crimes in the crypto industry require joint efforts from agencies in different countries. One of the largest such operations was linked to the theft of approximately $400 million from the bankrupt FTX exchange in 2022.

CBZC has not yet disclosed the names of the detained individuals or published their photos, citing the ongoing investigation. Unconfirmed information has appeared on social media that one of the accused may be linked to the well-known pseudonym Merry, but the police have not commented on this claim. The case remains open, and further arrests are not ruled out.

Expert opinion: This operation is yet another reminder that security based on SMS authentication is hopelessly outdated. Investors and exchanges should immediately switch to hardware keys or biometrics. Until the industry solves this systemic problem, such attacks will continue, and the damage will grow.