26.06.2026
06:10

Poland and the FBI struck a blow against a group that stole cryptocurrency through SIM swapping.

The Central Cybercrime Bureau of Poland (CBZC), in cooperation with the FBI and U.S. Homeland Security Investigations (HSI), conducted a large-scale operation that resulted in the arrest of four members of an organized criminal group. The perpetrators specialized in stealing digital assets through SIM swapping, that is, taking control of victims' phone numbers.

The detainees have been charged with creating a criminal organization, unauthorized access to computer systems, and money laundering. The court ordered pretrial detention for all four. They face up to 25 years in prison. This case is a striking example of how classic social engineering methods are being adapted to modern cryptocurrency realities.

How the Cryptocurrency Theft Scheme Worked

The group's methodology was multi-stage and well-thought-out. Initial access to the IT systems of companies collaborating with telecom operators was obtained not through technical hacking, but via social engineering methods and specialized software for intercepting employees' work correspondence. After gaining the necessary access, the criminals launched SIM-swap attacks, cloning or intercepting the phone numbers of their targets.

Control over SMS messages and email allowed them to reset passwords and bypass two-factor authentication (2FA). After that, accounts on cryptocurrency exchanges came under the full control of the group, and assets were withdrawn. The scheme exploits a fundamental weakness: many services still allow account recovery via phone number, which exposes them to attacks on telecom infrastructure.

According to the investigation, damages from SIM-swap attacks in the U.S. alone exceeded $68 million in 2021, including losses from both bank and cryptocurrency accounts.

Money Laundering and International Investigation

The stolen funds were quickly distributed through an extensive financial network. This involved personal bank accounts in Poland and abroad, payment services, and multi-currency cryptocurrency wallets. The prosecutor's office noted that the suspects viewed this scheme as a permanent source of income. The scale of money laundering, according to investigators, amounts to tens of millions of zlotys (several million U.S. dollars), comparable to other European cryptocurrency laundering networks dismantled over the past year.

The investigation is overseen by the Regional Prosecutor's Office in Krakow. The involvement of the FBI and HSI indicates that the victims or infrastructure are located outside Poland. International crimes in the crypto industry increasingly require joint efforts from agencies in different countries. Similar cooperation was observed during the FBI's arrest of organizers of other SIM-swapping schemes.

The CBZC, established in 2022, has not yet disclosed the names of the detainees, citing the ongoing investigation. Unconfirmed information has appeared on social media that one of the accused may be linked to the well-known pseudonym Merry, but the police have not commented on this. The case remains open, and further arrests may follow.

Expert opinion: This case is yet another reminder of the critical importance of using hardware security keys (e.g., YubiKey) instead of SMS authentication. Until the industry and regulators address the vulnerability of telecom infrastructure, SIM-swap attacks will remain one of the most effective tools in cybercriminals' arsenals.