Polish Police Arrest Four Over SIM Swap Crypto Thefts

Polish authorities arrested four people linked to a string of cyberattacks, SIM swaps, and cryptocurrency theft. The June operation involved Poland's Central Cybercrime Bureau (CBZC) with support from the FBI and Homeland Security Investigations. Prosecutors in Kraków are overseeing the case.

The suspects are accused of targeting IT systems tied to telecom partners and employee email accounts, according to investigators. They used social engineering and specialized software to gain access, then performed SIM swap attacks – cloning victims' phone numbers to intercept SMS and email. That gave them control over crypto exchange accounts.

Once inside the accounts, the group moved stolen cryptocurrency through domestic and international bank accounts, payment platforms, and multi-currency digital wallets to launder the funds. Authorities say the amount laundered exceeds tens of millions of Polish zlotys. The suspects face charges including participation in an organized criminal group, hacking-related theft, and money laundering, with penalties up to 25 years in prison. Courts have approved pre-trial detention for all four.

Separately, on-chain investigator ZachXBT alleged that one of the detainees may be a Polish threat actor known online as "Merry." The claim was based on luxury items visible in raid footage that matched items the actor had previously posted on social media.

Authorities have not confirmed any identities. They said details about victims, affected exchange accounts, and seized assets will remain undisclosed while the investigation continues.