Polish authorities have detained four suspected members of a cybercrime group accused of carrying out SIM swap attacks targeting cryptocurrency platforms, resulting in the theft and laundering of digital assets worth tens of millions of Polish zlotys. The operation was conducted with support from the U.S. Federal Bureau of Investigation and Homeland Security Investigations.
how the scheme worked
Investigators said the group gained access to IT systems linked to telecommunications contractors by compromising employee email accounts through specialized tools and social engineering. This access allowed them to clone victims’ phone numbers, effectively taking control of accounts tied to those numbers, including digital wallets.
By hijacking phone numbers, the suspects were able to intercept SMS-based authentication codes, a common security layer used to access financial and cryptocurrency platforms.
laundering network uncovered
According to Poland’s Central Bureau for Combating Cybercrime (CBZC), stolen funds were moved through a network of domestic and international bank accounts, global payment processors, and multi-currency wallets to obscure their origin. Authorities estimate that the total value of laundered assets exceeds tens of millions of zlotys.
suspects face serious charges
All four individuals have been placed in pre-trial detention following a request from prosecutors. They face charges including participation in an organized criminal group, computer-assisted theft, and large-scale money laundering. Convictions could carry prison sentences of up to 25 years.
Officials have not released the identities of the suspects, citing the ongoing and cross-border nature of the investigation.
possible identification emerges
Onchain researcher ZachXBT said one of the detainees may be Polish national Wojtek Kulisz, also known online as “Merry.” The claim is based on apparent matches between luxury items shown in police footage and goods featured on the individual’s social media profiles. Authorities have not confirmed this identification.
broader risks of SIM swap attacks
The case highlights ongoing vulnerabilities tied to mobile phone-based authentication. SIM swapping allows attackers to bypass security systems not by breaking encryption, but by exploiting human and procedural weaknesses within telecom operations.
Once a number is transferred to a new SIM card, attackers can gain access to sensitive accounts that rely on SMS verification codes, including cryptocurrency wallets.
Recent data underscores the scale of the threat. The FBI’s Internet Crime Complaint Center reported $25.9 million in losses linked to SIM swap attacks in the United States in 2024. While lower than in earlier years, the figures show the tactic remains effective.
security implications for users
The methods used in this case demonstrate the risks of relying on phone numbers as a core security layer. More secure alternatives include:
- app-based authentication tools
- hardware security keys
These options remove dependence on telecom providers, reducing exposure to SIM swap attacks. Investigations into this case continue.

