Crypto news

26.06.2026
05:25

Polish law enforcement and the FBI have disrupted the activities of a group involved in SIM swap attacks.

The Central Bureau for Combating Cybercrime of Poland (CBZC), together with the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation resulting in the detention of four members of an organized criminal group. The perpetrators' main tool was SIM swap attacks, which allowed them to intercept control over victims' mobile phone numbers and gain access to their cryptocurrency accounts.

The investigation established that the group operated according to a complex but well-known scheme. They gained initial access to the information systems of telecommunications companies not through technical hacking, but through social engineering methods and malware targeting corporate email. After seizing control of a victim's number, the criminals reset passwords to crypto exchanges and, bypassing two-factor authentication, emptied the accounts.

According to investigators, the scale of money laundering from criminal proceeds amounts to tens of millions of zlotys, equivalent to several million dollars. The stolen assets were quickly distributed across an extensive financial network, including bank accounts in Poland and abroad, as well as multi-currency crypto wallets. Notably, the accused viewed this activity as a permanent source of income.

It is important to emphasize that this international cooperation is not an isolated case. In the United States, similar cases are investigated regularly, and losses from SIM swap attacks in 2021 exceeded $68 million. The joint work of Poland and the FBI indicates that the infrastructure and victims are located not only within Poland's territory. This once again confirms the global nature of crimes in the crypto industry.

The CBZC has not yet disclosed the names of the detainees, citing the ongoing investigation. Unconfirmed data circulates online about a connection between one of the suspects and the well-known pseudonym Merry, but there is no official confirmation of this information. The agency has already published a video of the detention and states that the case remains open, with possible new arrests ahead.

Expert opinion: This case is another reminder that SIM swapping remains one of the most dangerous and profitable threats for cryptocurrency holders. As long as telecommunications companies do not tighten procedures for restoring access via phone numbers, and users do not switch to hardware keys for 2FA, such attacks will continue. International cooperation among law enforcement agencies is the only effective way to combat cross-border cybercrime.