Crypto news

26.06.2026
05:40

A major operation against SIM-swapping: Poland and the FBI detain a group involved in cryptocurrency theft

The Central Bureau for Combating Cybercrime of Poland (CBZC), with support from the FBI and the U.S. Homeland Security Investigations (HSI), conducted a large-scale operation. As a result, four suspects were detained who were part of an organized group specializing in stealing digital assets through SIM swapping. This operation serves as another reminder of how vulnerable two-factor authentication tied to a phone number can be.

The detainees have been charged with creating a criminal organization, unlawful access to computer systems, and money laundering. The court has already ordered pretrial detention for all four. If convicted, they face up to 25 years in prison.

How the SIM swapping scheme worked

The criminals' method was classic, but no less effective for it. They gained initial access to IT infrastructure not through technical hacking, but via social engineering. Using specialized software and psychological manipulation, the attackers gained access to the corporate email of employees at companies that collaborated with telecom operators.

The group then launched SIM swapping—cloning or intercepting victims' phone numbers. By gaining control over SMS and email, the criminals reset passwords, bypassed two-factor authentication, and took over accounts on cryptocurrency exchanges. After that, digital assets from these accounts were withdrawn.

According to the FBI, losses from SIM swapping in the U.S. alone exceeded $68 million in 2021. This figure covers both bank accounts and crypto wallets. The problem is that many services still allow account recovery via phone number, making them easy targets.

International investigation and money laundering

The stolen funds quickly spread through a vast financial network. The prosecutor's office noted that the criminals viewed these schemes as a steady source of income. They used personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets.

The scale of money laundering is estimated at tens of millions of zlotys—several million dollars. This is comparable to other European cryptocurrency money laundering networks dismantled over the past year.

The investigation is overseen by the Regional Prosecutor's Office in Krakow, and the involvement of the FBI and HSI indicates that victims or infrastructure are located outside Poland. International crimes in the crypto industry increasingly require cooperation between agencies from different countries. Similar collaboration was seen when the FBI arrested the organizers of other SIM swapping schemes.

The CBZC has not yet disclosed the names of the suspects or published their photos, explaining that the investigation is ongoing. At the same time, the agency released a video of the arrest operation. Unconfirmed reports on social media suggest that one of the accused is linked to the well-known pseudonym Merry, but the police have not commented on this information.

Cryptalist Analysis: This operation is a clear signal for all market participants. The cryptocurrency industry, despite its technological sophistication, still heavily relies on outdated authentication methods. Using SMS for 2FA is a ticking time bomb. I recommend everyone switch to hardware wallets and authenticator apps. Law enforcement agencies, for their part, are demonstrating that there are no borders for them when it comes to recovering stolen assets. I expect this case to lead to further arrests and harsher sentences for the organizers of such schemes.