Joint operation of Poland and the FBI: A network that stole cryptocurrency through SIM swapping has been dismantled.
Poland's Central Cybercrime Bureau (CBZC), with support from the FBI and U.S. Homeland Security Investigations (HSI), has conducted a large-scale operation resulting in the detention of four key figures of an international criminal group. The perpetrators specialized in stealing digital assets through SIM-swap attacks.
The detainees are charged with creating an organized criminal group, unauthorized access to computer systems, and money laundering. The court has ordered pretrial detention for all four. They face up to 25 years in prison.
Anatomy of the Attack: From Social Engineering to Exchange Account Takeover
As the investigation revealed, the scheme was carefully planned and consisted of several stages. Initially, the criminals gained access to the IT systems of companies cooperating with telecommunications operators. Interestingly, the initial breach occurred not through technical hacking, but via social engineering methods and phishing attacks on corporate email.
Having obtained the necessary data, the group launched SIM-swap attacks. The perpetrators cloned or intercepted victims' phone numbers, gaining full control over their SMS messages and email. This allowed them to reset passwords, bypass two-factor authentication (2FA), and take over user accounts on cryptocurrency exchanges.
Subsequently, the stolen assets were transferred to controlled wallets. The scheme exploits a fundamental vulnerability: despite repeated warnings about the insecurity of SMS verification, many services still allow account recovery via phone number. According to the FBI, losses from such attacks in the U.S. alone exceeded $68 million in 2021.
Financial Trail and International Cooperation
The stolen funds quickly dispersed through a sprawling financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency crypto wallets. The prosecutor's office estimates the scale of money laundering at tens of millions of zlotys (several million U.S. dollars).
The investigation is coordinated by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI clearly indicates the cross-border nature of the crime — victims or infrastructure are located outside Poland. This is further confirmation that international crimes in the crypto industry require coordinated efforts from law enforcement agencies in different countries. Similar cooperation was observed during the arrests of organizers of other major SIM-swap schemes.
The CBZC, established in 2022, has not yet disclosed the names of the detainees, citing the ongoing investigation. Unconfirmed information circulates online about a connection between one of the accused and the well-known pseudonym Merry. Officials do not comment on these rumors but indicate that the case remains open and further arrests are possible.
Analyst's Comment: This operation is a powerful signal for the entire crypto community. Using SIM cards as the sole factor for 2FA is an anachronism that makes users easy prey. Investors are strongly advised to switch to hardware security keys (e.g., YubiKey) or time-based one-time password (TOTP) authenticators to minimize risks. Law enforcement, in turn, demonstrates growing effectiveness in combating cybercrime, but the responsibility for asset security lies primarily with the users themselves.