Polish police arrested four people in a SIM swap ring that stole from crypto exchanges and laundered roughly $15 million. The FBI and HSI assisted the raid.
Alpha Score of 67 reflects moderate overall profile with moderate momentum, strong value, strong quality, moderate sentiment.
Polish authorities arrested four people in a SIM swap operation that drained cryptocurrency exchange accounts and laundered tens of millions of zlotys. The Central Bureau for Combating Cybercrime (CBZC) led the raid with on-the-ground support from FBI and Homeland Security Investigations agents. The Kraków Regional Prosecutor's Office is handling the case.
The suspects face charges of organized crime, unauthorized computer access, and money laundering. Each could serve up to 25 years in prison. Polish prosecutors estimate the laundered amount at roughly $15 million at current exchange rates, though the investigation remains open.
A SIM swap attack starts when the attacker convinces a phone carrier to transfer a victim's phone number to a SIM card the attacker controls. Once the criminal holds the number, they intercept SMS-based two-factor authentication codes, which many crypto exchanges still rely on for account recovery and withdrawals.
The CBZC said the group first broke into the IT systems of companies that work with telecom operators. Using social engineering and custom software, they compromised employee email accounts. That access let them clone phone numbers, then hijack exchange accounts. Stolen funds moved through personal bank accounts in Poland and abroad, international payment platforms, and digital wallets holding various currencies.
Blockchain investigator ZachXBT linked one of the detained individuals to Wojtek Kulisz, a social engineer known online as “Merry.” Zach pointed out that designer clothing and jewelry visible on Kulisz's public Instagram account matched items photographed by Polish authorities during the seizure. The CBZC has not officially confirmed his identity.
Polish authorities released no names or photos. The four suspects remain in pretrial detention.
SIM swap attacks are a persistent vulnerability for anyone using SMS-based authentication on crypto accounts. Exchanges that require app-based authenticators like Google Authenticator or hardware security keys are less exposed. The group specifically targeted crypto platforms, suggesting they prioritized accounts where SMS codes were the only gate.
Readers who rely on SMS 2FA for exchange access should consider upgrading to an authenticator app or a hardware key. That single change blocks the vector these attackers used. For a list of brokers that support stronger authentication, see our best crypto brokers guide.
International law enforcement has stepped up crypto-crime operations in recent months. In March, the FBI and Thai police froze about $580 million in cryptocurrency tied to Southeast Asian fraud compounds. In late May, the FBI's Operation Blackout seized over $8 billion in assets, including more than 127,000 Bitcoins linked to a transcontinental scam network. The Polish raid fits that wider pattern.
What makes this case notable is the focus on telecom infrastructure rather than phishing or malware. The group did not target victims directly; they went after the phone carriers' business partners. That approach requires technical skill and inside knowledge of carrier systems. The arrests may reveal whether the group operated independently or as part of a larger network.
The investigation is ongoing. No court date has been set.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.