Polish Cyber Police Arrest Four In SIM-Swap Crypto Theft Case

Poland’s Central Bureau for Combating Cybercrime detained four suspected members of an organized criminal group accused of cyberattacks, cryptocurrency theft and money laundering. FBI and Homeland Security Investigations agents supported the operation, while the Regional Prosecutor’s Office in Krakow is supervising the case.

The suspects allegedly targeted IT systems used by companies cooperating with telecommunications operators, along with employee email accounts. The group is accused of using specialized software and social engineering to gain unauthorized access to infrastructure that could be used for account takeovers.

That access allegedly enabled SIM-swap attacks, where criminals take control of a victim’s phone number and use it to bypass security checks, reset passwords and seize online accounts. In crypto cases, control of SMS and email recovery channels can give attackers enough access to drain exchange balances before the victim regains control.

Crypto Exchange Accounts Were Drained

The alleged attacks led to unauthorized access to cryptocurrency exchange accounts and the theft of digital assets. Once the attackers controlled communication channels tied to victims, they could intercept security messages, complete account recovery steps and move funds out of exchange accounts.

SIM-swap attacks remain a high-risk account-takeover method because many platforms still use phone numbers or email access during login recovery. Even when two-factor authentication is active, weak recovery flows can leave users exposed if a telecom account or mailbox is compromised.

The arrests extend a wider enforcement push against crypto-related cybercrime and fraud networks. U.S. agencies have also escalated actions around online investment scams, including FBI-linked scam-compound crackdowns tied to more than $8 billion in fraud and warnings over crypto scammers using couriers to collect cash from victims.

Laundering Network Moved Funds Across Accounts

The stolen funds were allegedly moved through a distributed laundering network built around personal bank accounts in Poland and abroad, international payment platforms and multi-currency digital wallets. The total value of funds allegedly legalized through the network exceeded several dozen million zloty.

The laundering claims place the case in the same enforcement category as broader crypto-crime infrastructure actions, including a recent DOJ seizure targeting a cloud account used in a crypto laundering marketplace.

The suspects face charges including participation in an organized criminal group, theft through breaches of information systems and money laundering. The alleged offenses carry a prison sentence of up to 25 years.