Polish Police Arrest Four Members of International Crypto SIM-Swap Gang with FBI Support

Polish law enforcement arrested four members of an international cryptocurrency crime ring on June 25, dismantling a group that allegedly stole millions of dollars through SIM-swap attacks targeting crypto holders. The operation, conducted with support from the FBI and Homeland Security Investigations (HSI), represents a significant escalation in cross-border law enforcement coordination against crypto-related crimes.

SIM-swap attacks exploit a critical vulnerability in telecom security. Criminals contact mobile carriers and convince them to transfer a victim's phone number to a new SIM card under the attacker's control. Once the number is reassigned, the attacker can bypass two-factor authentication codes sent via SMS, gaining access to cryptocurrency exchange accounts and digital wallets. The stolen funds are then moved through mixers or bridges to obscure their trail.

The gang's operational scale underscores the profitability of this crime vector. SIM-swap attacks have plagued the crypto industry since at least 2019, when Twitter CEO Jack Dorsey's account was compromised through the technique. The attacks have since expanded to target thousands of cryptocurrency holders, many of whom lost six or seven-figure sums. Unlike ransomware attacks or exchange hacks that affect broad populations, SIM-swap crimes are highly targeted, with attackers often researching victims for weeks before striking.

The involvement of both Polish authorities and U.S. federal agencies signals a shift in how law enforcement treats cryptocurrency crime. International cooperation on crypto-related cases has intensified over the past two years, following successful operations against ransomware groups and exchange hackers in 2023 and 2024. The FBI and HSI have prioritized cryptocurrency theft as a national security concern, given the speed at which stolen funds move across borders and the difficulty of recovering them once converted to other assets.

However, the arrest addresses only one criminal group operating in a global ecosystem. New SIM-swap gangs continue to emerge, and the fundamental vulnerability remains with telecom providers themselves. Carriers still rely on outdated identity verification processes that criminals can manipulate through social engineering. Some security researchers argue that law enforcement resources would be better directed at systemic telecom security reforms, such as mandatory multi-factor authentication for number transfers or port-out protections that require in-person verification.

The case also raises questions about resource allocation. SIM-swap attacks, while devastating to individual victims, affect a smaller population than exchange hacks or ransomware campaigns. Some law enforcement officials and industry observers contend that focusing on telecom security standards and regulatory requirements would prevent more theft than prosecuting individual gangs after the fact.

For cryptocurrency users, the arrest is a reminder that SIM-swap remains a credible threat. Security best practices include enabling account lockdowns on exchange accounts, using hardware wallets that don't rely on phone-based authentication, and contacting carriers to add extra security pins to accounts. The broader lesson is that cryptocurrency security depends not only on individual user behavior but on the security posture of third-party services like exchanges and telecom providers.