The FBI helped take down a SIM-swap hacker gang that laundered digital assets on a massive scale, and four arrests followed | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Four people have been arrested in Poland after authorities said they helped run a cybercrime operation built around SIM-swap attacks, cryptocurrency theft, and large-scale money laundering. The case was led by Poland’s Central Bureau for Combating Cybercrime, with active support from U.S. federal agents from the FBI and Homeland Security Investigations.

The arrests matter because the alleged scheme did not depend only on flashy hacking. According to Polish investigators, the group targeted a very ordinary part of modern life: the phone number. Once criminals control that number, the text messages, email recovery links, and account alerts many people rely on can become keys to someone else’s money.

Four suspects detained

Polish cybercrime officers said they detained four alleged members of an organized criminal group involved in advanced cyberattacks, digital asset theft, and money laundering. The investigation is being supervised by the Regional Prosecutor’s Office in Kraków.

All four suspects were placed in pretrial detention after a court accepted a request from prosecutors. They face accusations including participation in an organized criminal group, computer-system break-ins, theft, and money laundering. If convicted, they could face up to 25 years in prison.

Authorities described the arrested suspects as key figures in the operation. At the same time, Polish police said the case remains active, and more arrests have not been ruled out.

How the SIM-swap scheme worked

So, what is a SIM swap? In simple terms, it is the takeover of someone’s phone number. The victim may suddenly lose cell service, while the attacker starts receiving calls, texts, and security codes meant for that person.

Polish investigators said the group used specialized software and social engineering to break into systems connected to telecommunications operators, as well as employee email accounts. That access allegedly helped them clone or take over victims’ phone numbers.

Once the attackers controlled SMS and email channels, they could move into cryptocurrency exchange accounts, according to the CBZC statement. The phone number became a back door into digital wallets and trading accounts.

Crypto accounts became the prize

For many people, a phone number feels harmless. It is what you give to a bank, a delivery app, a crypto exchange, and maybe a dozen other services without much thought.

That is exactly why SIM swapping is so dangerous. The FBI has warned that criminals use the method to steal money from both traditional accounts and virtual currency accounts, often by defeating SMS-based two-factor authentication.

In this case, Polish authorities said the attackers moved the digital assets quickly into what appeared to be legitimate financial circulation. The funds allegedly passed through personal bank accounts in Poland and abroad, international payment platforms, and multi-currency digital wallets.

Tens of millions laundered

The CBZC estimated that the group legalized more than “tens of millions” of Polish zlotys from criminal activity. Authorities did not publish an exact amount, so a precise dollar conversion is not possible.

Still, the scale is clear enough. On June 27, 2026, one Polish zloty was worth about $0.27, which means even 10 million zlotys would equal roughly $2.66 million. Since Polish officials described the amount as exceeding tens of millions of zlotys, the alleged laundering operation sits well into the multimillion-dollar range.

That money trail is also the reason this is not just a phone scam story. It is a financial crime case, a telecom security case, and a crypto custody warning all at once.

A digital forensics specialist analyzes computer equipment and storage devices during a cybercrime investigation linked to a SIM-swap operation that allegedly stole and laundered cryptocurrency.

Why U.S. agencies were involved

The presence of FBI and HSI agents points to the international nature of the case. Cybercrime rarely stays inside one border, especially when stolen crypto can move across exchanges, wallets, and payment platforms in minutes.

The FBI’s own 2025 Internet Crime Report shows why U.S. agencies are paying attention to this kind of fraud. The bureau said cyber-enabled crimes defrauded Americans of nearly $21 billion in 2025, while cryptocurrency-related complaints produced more than $11 billion in reported losses.

That does not mean the Polish case caused those U.S. losses. However, it shows the same broader problem. Criminals are not only attacking computers anymore. They are attacking the recovery systems people use when they forget a password or get locked out.

The weak spot is still SMS

For years, text-message codes were treated as a simple security upgrade. They are still better than using only a password, but they are not the strongest shield available.

The FBI recommends stronger multi-factor authentication methods, including biometrics, physical security keys, or standalone authentication apps. It also advises people not to advertise cryptocurrency holdings, phone numbers, addresses, or other personal details online.

That advice may sound basic, but it matters. A cybercriminal does not always need to “break” a blockchain when a customer-service process, a stolen employee inbox, or one exposed phone number can open the door.

What users should watch for

One warning sign is sudden loss of phone service. If your phone stops receiving calls or texts without an obvious reason, it is worth contacting your carrier immediately.

Another red flag is a wave of account alerts, password-reset emails, or login notices you did not request. Do not ignore them. In a SIM-swap attack, minutes can matter.

For crypto users, the safer path is to move away from SMS codes wherever possible. Use an authenticator app, a hardware security key, and unique passwords stored in a password manager. It is not glamorous. It works.

A case that is still unfolding

Polish authorities have not disclosed the names of the victims, the targeted exchanges, or the seized accounts. The CBZC said those details are being withheld because of the ongoing investigation and its international component.

That caution is important. The arrests are serious, but the suspects are still accused, not convicted. What happens next will depend on prosecutors, the court process, and any further evidence gathered by investigators.

For now, the message is simple. Your phone number is part of your financial security, whether you treat it that way or not.

The official statement was published on the Central Bureau for Combating Cybercrime.



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW