Breaches | Jun 25, 2026

Poland busts SIM-swapping gang tied to millions in crypto theft

Poland arrests four in SIM-swapping gang tied to millions in crypto theft.

Summary

Polish authorities, with support from the FBI and HSI, have arrested four individuals suspected of operating a SIM-swapping cybercrime group. The gang allegedly breached telecommunications partners and hijacked email accounts to gain control of victims' phone numbers, intercept communications, and ultimately steal millions in cryptocurrency from exchange accounts. The stolen funds were then laundered through a distributed financial network.

Full text

By Bill Toulas, June 25, 2026, 06:37 PM

Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks.

The operation was carried out by the Polish Cybercrime Bureau (CBZC) with support from the FBI and Homeland Security Investigations (HSI) in the United States.

According to investigators, the suspects carried out sophisticated cyberattacks to obtain data used in SIM-swapping attacks. They hijacked victims' phone numbers, intercepted SMS messages and email communications, and ultimately gained control of accounts at cryptocurrency exchanges.

It is estimated that millions of U.S. dollars have been stolen this way and then laundered "via a distributed financial network."

“Using specialized software and social engineering, the perpetrators gained unauthorized access to the infrastructure of entities cooperating with telecommunications operators and employee email accounts,” reads CBZC’s announcement (automated translation).

“The data obtained in this way enabled so-called SIM swap attacks, which involve the illegal cloning and takeover of victims' phone numbers.”

Polish authorities comment that the actors treated these activities as “a regular source of income,” using multiple bank accounts across various countries and digital wallets to transfer the stolen funds.

“It is estimated that the total value of the funds laundered in this manner exceeds several tens of millions of Polish złoty,” mentions CBZC, which would translate into at least $5 million based on the current exchange rate.

The four arrested individuals, who have all been placed in pre-trial detention, now face offenses of participation in an organized criminal group, hacking into IT systems to commit theft, and money laundering. The maximum penalty for these offenses is 25 years in prison.

Although CBZC didn’t name any of the threat actors arrested in this action, blockchain crime investigator ZachXBT identified one of them as Wojtek Kulisz, aka “Merry,” based on the images the authorities released from the police raid.

Entities

Merry (threat_actor)
Wojtek Kulisz (threat_actor)
FBI (vendor)
Homeland Security Investigations (vendor)
SIM-swapping (product)