Four arrested in Poland over crypto SIM-swap attacks; ZachXBT links 'Merry' to case

Polish authorities have arrested four members of an organized criminal group accused of conducting SIM swap attacks on cryptocurrency exchanges, stealing digital assets, and laundering the proceeds, with onchain sleuth ZachXBT claiming a popular threat actor identified in past analysis was among the detained.

The joint operation supported by the U.S. FBI and Homeland Security Investigations agents found that group members breached the IT infrastructure of entities that cooperate with telecommunications operators, using specialized software and social engineering to access employees' email accounts, according to a press release published Thursday by Poland's Central Bureau for Combating Cybercrime, known by its Polish acronym CBZC.

That access enabled SIM swap attacks, or the illegal cloning and hijacking of victims' phone numbers, which the group then used to seize control of user accounts on cryptocurrency exchanges and drain the digital assets held there, according to the CBZC statement.

Stolen funds were then laundered through a distributed financial network spanning personal bank accounts in Poland and abroad, international payment platforms, and multi-currency digital wallets.

The total value of funds laundered is estimated to exceed tens of millions of Polish zlotys, according to the CBZC.