Poland and the FBI neutralized an international group that was stealing cryptocurrencies through SIM swapping.
The Polish Central Cybercrime Bureau (CBZC), with operational support from the FBI and U.S. Homeland Security Investigations (HSI), has conducted a large-scale operation resulting in the detention of four members of an organized criminal group. Specializing in SIM swap attacks, the perpetrators managed to steal millions of dollars in digital assets by hacking accounts on cryptocurrency exchanges.
Attack Mechanics: From Social Engineering to Wallet Takeover
The investigation established that the criminals did not use complex technical exploits for initial penetration. Their primary tool was social engineering: psychological manipulation that allowed them to gain access to the IT systems of companies cooperating with telecom operators. Using specialized software, they intercepted employees' work correspondence and then launched a SIM swap, the process of cloning or intercepting the victim's phone number.
Having gained control over SMS and email, the hackers reset passwords, bypassed two-factor authentication (2FA), and took over accounts on cryptocurrency exchanges. After that, digital assets were immediately withdrawn. This scheme exploits a long-standing vulnerability: many services still allow account recovery via phone number, making SIM swap one of the most dangerous attack vectors for cryptocurrency holders.
Financial Trail and International Cooperation
The stolen funds were quickly dispersed through an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. According to the prosecutor's office, the scale of money laundering amounts to tens of millions of zlotys, equivalent to several million dollars. This is comparable to similar European cryptocurrency money laundering networks dismantled over the past year.
Notably, the investigation is supervised by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. International crimes in the crypto industry increasingly require coordinated efforts between agencies from different countries. Such cooperation has already been observed in the FBI's arrests of organizers of other SIM swap schemes.
The CBZC has not yet disclosed the names or photographs of the detainees, citing the ongoing investigation. Unconfirmed information has appeared online linking one of the accused to the well-known pseudonym Merry, but the police have not commented on this. The detainees face up to 25 years in prison.
Expert Opinion: This case is yet another reminder that the crypto community must abandon SMS authentication in favor of hardware keys or authenticator apps. As long as telecom companies do not close vulnerabilities in SIM card recovery procedures, we will continue to see such attacks. The industry needs to transition to more robust security standards.