Poland busts SIM-swapping gang tied to millions in crypto theft

Poland busts SIM-swapping gang tied to millions in crypto theft By Bill Toulas June 25, 2026 06:37 PM 0 Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. The operation was carried out by the Polish Cybercrime Bureau (CBZC) with support from the FBI and Homeland Security Investigations (HSI) in the United States. According to investigators, the suspects carried out sophisticated cyberattacks to obtain data used in SIM-swapping attacks. They hijacked victims' phone numbers, intercepted SMS messages and email communications, and ultimately gained control of accounts at cryptocurrency exchanges. It is estimated that millions of U.S. dollars have been stolen this way and then laundered "via a distributed financial network." “Using specialized software and social engineering, the perpetrators gained unauthorized access to the infrastructure of entities cooperating with telecommunications operators and employee email accounts,” reads CBZC’s announcement (automated translation). “The data obtained in this way enabled so-called SIM swap attacks, which involve the illegal cloning and takeover of victims' phone numbers.” Polish authorities comment that the actors treated these activities as “a regular source of income,” using multiple bank accounts across various countries and digital wallets to transfer the stolen funds. “It is estimated that the total value of the funds laundered in this manner exceeds several tens of millions of Polish złoty,” mentions CBZC, which would translate into at least $5 million based on the current exchange rate. The four arrested individuals, who have all been placed in pre-trial detention, now face offenses of participation in an organized criminal group, hacking into IT systems to commit theft, and money laundering. The maximum penalty for these offenses is 25 years in prison. Although CBZC didn’t name any of the threat actors arrested in this action, blockchain crime investigation ZachXBT identified one of them as Wojtek Kulisz, aka “Merry,” based on the images the authorities released from the police raid. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: Authorities dismantle 'AudiA6' ransomware crypto-laundering service Dark web Nemesis Market vendor gets 26 years for selling drugs INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers DraftKings hacker 'Snoopy' sentenced to 18 months in prison FBI: Cybercriminals steal health data posing as fraud investigators