Poland Busts SIM-Swap Gang That Drained Crypto Accounts

Investigators say the crew treated this as a steady source of income, moving stolen funds through multiple bank accounts in different countries and a web of digital wallets. The CBZC describes the laundering as running through a distributed financial network. The agency puts the total laundered at more than several tens of millions of Polish zloty, which works out to at least 5 million US dollars at current exchange rates.

Why a SIM swap is so dangerous for crypto

A SIM swap is powerful because your phone number is often the master key to everything else. When an attacker controls your number, two things happen at once.

First, any login code sent by SMS lands on their device, not yours. If an exchange uses text-message two-factor authentication, the attacker now holds the second factor. Second, password-reset links and security alerts that go to your email can be intercepted too, especially if that email account also leans on your phone number for recovery.

Put together, the attacker can reset a password, approve the login with the SMS code they just received, and authorize a withdrawal, all before the real owner notices their phone has gone dark. That is exactly the chain this group is accused of exploiting against exchange customers.

If your crypto exchange or email still uses text-message codes as its main second factor, treat that as an open door. SMS was never designed to be a security token, and SIM-swap crews like this one exist specifically to steal it.

How to lock down your accounts today

You cannot stop a determined carrier-side attack on your own, but you can remove the payoff. The goal is to make a stolen phone number useless for getting into your money.

• Drop SMS two-factor on financial accounts. Switch your exchange and primary email to an authenticator app (the rotating 6-digit code kind) or, better, a hardware security key. These never travel over the phone network.
• Set a carrier SIM PIN or port-out lock. Most mobile providers let you add a passcode or number-transfer freeze that blocks a SIM swap unless the PIN is given.
• Turn on withdrawal allowlists. Many exchanges let you restrict withdrawals to pre-approved wallet addresses, with a cooling-off period before new ones activate.
• De-link your phone number from account recovery wherever a more secure option exists, so a hijacked number cannot trigger a reset.
• Watch for a sudden loss of signal. If your phone unexpectedly drops to no service, call your carrier from another line immediately; it can be the first sign of a swap in progress.

What happens next

The four arrested individuals now face charges including participation in an organized criminal group and hacking offenses, and they remain in pre-trial detention as the case proceeds. With the FBI and HSI involved, the investigation is likely to widen over the coming days, both toward any remaining members and toward the laundering trail that moved funds between countries.

For everyone else, the practical takeaway lands faster than any verdict. SIM-swap rings keep resurfacing because text-message security keeps making them profitable. Moving your crypto and email off SMS codes in the next day or two is the single change that takes you off this kind of crew s target list.

Source: BleepingComputer