
Polish authorities detained four suspects over SIM‑swap crypto thefts and money laundering. ZachXBT linked the group to a known threat actor. The suspects face up to 25 years.
Alpha Score of 74 reflects strong overall profile with moderate momentum, strong value, strong quality, moderate sentiment.
Polish authorities placed four individuals under preventive custody on charges of computer fraud and money laundering tied to SIM-swap attacks and cryptocurrency theft. The estimated volume of laundered funds exceeds tens of millions of Polish zlotys, according to official records. The suspects face prison sentences of up to 25 years under Polish law.
The arrests follow an investigation that involved blockchain investigator ZachXBT. He publicly linked the operation to a known threat actor. ZachXBT did not name the actor in his initial post. He said the group had been active in targeting crypto exchange accounts through phone-number hijacking.
SIM-swap attacks work by tricking a mobile carrier into transferring a victim's phone number to a SIM card controlled by the attacker. The attacker first gathers personal details, such as date of birth and address, from data breaches or social engineering. They then contact the carrier posing as the target, claiming a lost phone or SIM, and request the transfer. Carriers differ in verification protocols, and some are easier to bypass. Once the number is swapped, SMS-based two-factor authentication codes route to the attacker. The attacker can then drain exchange wallets and move funds through mixers or peer-to-peer platforms. The method has been used in a number of high-profile crypto thefts over the past two years.
The Polish case highlights the cross-border nature of crypto-related crime. ZachXBT's involvement suggests the investigation relied on on-chain analysis to trace stolen funds through multiple blockchain hops. In his public posts, ZachXBT has described following crypto transactions across blockchains to identify wallets linked to threat groups. Polish prosecutors did not disclose whether the suspects operated from within the country or coordinated with actors abroad.
The four individuals remain in custody pending trial. No trial date has been set. The maximum 25-year sentence applies to the most severe money-laundering counts under Poland's penal code. Actual sentences often fall below that ceiling.
The anonymity of crypto transactions complicates prosecution. Law enforcement agencies globally have stepped up cooperation with blockchain analytics firms to identify wallet clusters linked to theft rings. The Polish case fits a broader pattern of European law enforcement targeting phone-based crypto theft, with similar arrests in other countries, according to public reports.
For crypto investors, the arrests are a reminder that SIM-swap vulnerabilities remain a gap in personal security. A compromised phone number can bypass account protections even when exchanges enforce withdrawal whitelists and cold storage limits. Investors who rely solely on SMS-based two-factor authentication are the primary targets.
ZachXBT called the Polish arrests a positive step. He warned that many SIM-swap groups remain active. He encouraged exchange users to switch from SMS-based authentication to hardware security keys or app-based authenticators.
Hardware keys require physical possession and cannot be intercepted by a SIM swap. App-based authenticators like Google Authenticator link to the device, not the phone number. Major exchanges now support these options. Adoption among retail users lags.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.