In a coordinated international crackdown, Poland’s Central Bureau for Combating Cybercrime, working alongside the FBI and U.S. Department of Homeland Security Investigations, detained four individuals accused of orchestrating a sophisticated SIM swap scheme. Authorities allege these suspects targeted accounts on cryptocurrency exchanges, stealing digital assets and laundering the proceeds through bank accounts and digital wallets.
Scope of the operation
Announced on June 25, the operation revealed that Polish officials believe the suspects operated as an organized group, moving millions of zlotys in illicit funds. Prosecutors estimate the total laundered amount surpassed tens of millions of zlotys, roughly equivalent to $15 million at current exchange rates.
Polish authorities confirmed that four individuals were detained in connection with SIM swap attacks aimed at cryptocurrency exchange accounts, and emphasized the investigation remains ongoing.
Investigators reported that the group first infiltrated the IT systems of companies servicing telecommunications operators. Using methods such as social engineering and custom-developed software, they gained access to employee email accounts. This access enabled them to duplicate victims’ phone numbers, which were then diverted to the suspects’ control.
Mini glossary: A SIM swap attack is a method of account takeover by transferring a person’s phone number to a different SIM card via their telecom operator. Attackers then intercept one-time SMS authentication codes, giving them access to exchange and email accounts.
How crypto accounts were compromised
According to case files, once the suspects gained control over victims’ SMS and email channels, they seized crypto exchange accounts and systematically emptied the balances. The stolen assets were then funneled through Polish and foreign personal bank accounts, global payment platforms, and an array of digital wallets tied to different assets.
Blockchain analyst ZachXBT linked one of the suspects to Wojtek Kulisz, a social engineering specialist known online as “Merry.” While Polish authorities have not released names or photographs, ZachXBT claimed that clothing and jewelry displayed on a public Instagram account matched items seized in the raid, as seen in confiscation images.
Within the scope of the investigation, the four suspects face charges including participating in a criminal organization, theft via unauthorized access to information systems, and money laundering.
The investigation continues
All four individuals have been placed in pre-trial detention and could face up to 25 years in prison if convicted. Officials emphasized that the investigation is still in progress as authorities continue to unravel the network’s full extent.
This operation stands out as a recent example of international cooperation in the fight against crypto crime. In March, the FBI and Thai police froze cryptocurrencies worth approximately $580 million linked to Southeast Asian scam networks. At the end of May, the FBI’s Blackout Operation led to the seizure of more than $8 billion in assets, including over 127,000 Bitcoin.
