The Polish Central Bureau of Combating Cybercrime detained four people in a joint operation carried out with the FBI and the US Homeland Security Investigations unit. It was announced that the suspects organized SIM card exchange attacks to steal assets from accounts on cryptocurrency exchanges and laundered the proceeds through bank accounts and digital wallets.
Scope of operation
According to the operation announced on June 25, Polish authorities stated that the suspects acted in an organized structure and put assets worth millions of zlotys into circulation. The prosecutor’s office calculates that the total amount laundered exceeds tens of millions of zlotys, which corresponds to approximately 15 million dollars at the current exchange rate.
Polish authorities reported that four people were detained in connection with SIM card exchange attacks targeting accounts on cryptocurrency exchanges and that the investigation is ongoing.
According to authorities, the group first infiltrated the information technology systems of companies working with telecom operators. Then, employees’ e-mail accounts were compromised using social engineering methods and special software. Thanks to this access, the victims’ phone numbers were copied and control passed to the suspects.
Mini dictionary: SIM card replacement attack is an account takeover method by moving a person’s phone number to another SIM card with the operator. In this way, attackers can access stock exchange and e-mail accounts by obtaining single-use SMS verification codes.
How cryptocurrency accounts were targeted
According to the investigation file, after gaining access to SMS and e-mail channels, the suspects took over accounts on cryptocurrency exchanges and systematically emptied the balances. It was noted that the stolen assets were then transferred through personal bank accounts in Poland and abroad, international payment platforms and digital wallets belonging to different entities.
Blockchain researcher ZachXBT linked one of the suspects to social engineer Wojtek Kulisz, who goes by the pseudonym “Merry” online. Polish authorities did not share names and photographs. However, ZachXBT claimed that the clothing and jewelry seen on a public Instagram account matched the items in the images taken during the seizure.
Within the scope of the case, four suspects face charges of participation in an organized crime group, theft through unauthorized access to information systems and money laundering.
Investigation ongoing
Four people were sent to prison during the detention process. Authorities reported that the investigation is ongoing and the suspects could face up to 25 years in prison if convicted.
This operation was one of the latest examples of international cooperation against crimes related to crypto assets. In March, the FBI and Thai police froze approximately $580 million in cryptocurrencies linked to Southeast Asia-related fraud schemes. At the end of May, over $8 billion in assets, including more than 127 thousand Bitcoins, were seized as part of the FBI’s Operation Blackout.
