Poland Busts SIM Swapping Gang Behind Crypto Theft
A phone number has long served as a key to your finances, no less than a banking password. Now Polish law enforcement has exposed a group that built its attacks around exactly that kind of access.
Poland’s Central Bureau for Combating Cybercrime (CBZC) detained four suspected members of an organized crime group. Investigators link the group to digital asset theft and money laundering worth tens of millions of zlotys.
Agents from the FBI and the U.S. Homeland Security Investigations (HSI) supported the operation. The Regional Prosecutor’s Office in Kraków oversees the case.
How the SIM Swapping Scheme Worked
According to the investigation, the group members breached the systems of organizations tied to telecom operators. They also compromised employees’ mailboxes. To do so, they combined specialist software with social engineering.
That access opened the door to SIM swapping attacks. In this scheme, criminals illegally clone or hijack a victim’s phone number. Then they gain control over SMS and email. Through these channels flowed the confirmation codes and account-recovery messages.
After seizing the number and the mailbox, the group took over accounts on cryptocurrency exchanges. Next, they drained the assets stored there. The source does not name the affected platforms or the exact number of victims, because the investigation continues and spans several countries.
Laundering Tens of Millions of Zlotys
The stolen funds moved quickly through a sprawling financial network. For transfers, the group used personal bank accounts in Poland and abroad, international payment platforms, and multi-currency digital wallets. Investigators estimate the laundered total at more than several tens of millions of zlotys.
Charges and Detention
The suspects face several charges. These include participation in an organized crime group, burglary of information systems, and money laundering.
At the prosecutor’s request, the court placed all four suspects under temporary arrest. In Poland, such crimes can carry up to 25 years in prison.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.