Polish law enforcement has arrested four individuals connected to an organized cybercrime group that used SIM-swapping attacks to steal and launder millions of dollars' worth of cryptocurrency. The operation was led by the Polish Cybercrime Bureau (CBZC) with assistance from the FBI and Homeland Security Investigations (HSI).

How the Attacks Worked

According to CBZC, the group used specialized software and social engineering to compromise the infrastructure of companies working with telecommunications operators, as well as employee email accounts at those organizations. The data harvested from these intrusions enabled SIM-swapping attacks, which the bureau describes as the illegal cloning and takeover of victims’ phone numbers.

Once a victim’s number was under the group’s control, the attackers intercepted SMS messages and email communications, giving them the ability to bypass multi-factor authentication and seize accounts held at cryptocurrency exchanges.

Scale of the Operation

CBZC estimates the total value of laundered funds exceeds several tens of millions of Polish zloty, equivalent to at least $5 million at current exchange rates. Investigators noted that the suspects treated the scheme as a regular income source, routing stolen funds through multiple bank accounts across different countries and a network of digital wallets.

Blockchain investigator ZachXBT identified one of the arrested individuals as Wojtek Kulisz, known online as “Merry,” based on images released by authorities from the police raid. CBZC itself did not name any of the suspects.

Charges and Potential Penalties

All four suspects have been placed in pre-trial detention. They face charges that include:

  • Participation in an organized criminal group
  • Unauthorized access to IT systems to commit theft
  • Money laundering

The maximum penalty under Polish law for the combined offenses is 25 years in prison.

Broader Context

The case underscores the continued threat SIM swapping poses to cryptocurrency holders and the value of cross-border law enforcement coordination. Telecom supply chain access, where attackers target partners and contractors rather than carriers directly, remains a persistent weak point that allows threat actors to bypass controls at scale without ever confronting the primary operator’s defenses head-on.