Polish law enforcement has arrested four members of an organized cybercrime group suspected of conducting SIM-swapping attacks that netted millions in cryptocurrency. The group allegedly breached telecommunications partners and hijacked email accounts to intercept SMS-based two-factor authentication codes.
Details on the exact number of victims or the total value of stolen crypto remain undisclosed. Authorities described the operation as a coordinated effort targeting high-value cryptocurrency accounts, with the arrests following an investigation into the group's activities over an unspecified period.
The attack vector involved compromising telecom infrastructure to reroute SMS messages, combined with email account takeovers to bypass account recovery mechanisms. This allowed the group to drain cryptocurrency wallets after taking control of phone numbers and associated email addresses.
No information has been released about available patches or specific telecom vulnerabilities exploited. Affected individuals have been advised by Polish authorities to use hardware-based security keys or authenticator apps instead of SMS-based two-factor authentication for cryptocurrency accounts.
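The takeover chain described above (control of the phone number plus the email account, followed by draining the wallet) is something a custody service can check for before releasing funds. The sketch below is an added example, not taken from the report or from the authorities: the event names, fields, sample data and the 24-hour window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events; event names and fields are hypothetical,
# not taken from any real exchange or carrier API.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "account": "alice", "type": "sim_change"},
    {"ts": "2024-05-01T09:20:00", "account": "alice", "type": "email_password_reset"},
    {"ts": "2024-05-01T09:45:00", "account": "alice", "type": "withdrawal_request"},
    {"ts": "2024-05-01T10:00:00", "account": "bob", "type": "sim_change"},
    {"ts": "2024-05-03T10:00:00", "account": "bob", "type": "withdrawal_request"},
    {"ts": "2024-05-01T11:00:00", "account": "carol", "type": "email_password_reset"},
    {"ts": "2024-05-01T11:30:00", "account": "carol", "type": "withdrawal_request"},
]
SECOND_FACTOR = {"alice": "sms", "bob": "sms", "carol": "totp"}  # constructed

RISK_SIGNALS = {"sim_change", "email_password_reset"}
WINDOW = timedelta(hours=24)  # assumed cool-down period


def review_withdrawals(events, second_factor, window=WINDOW):
    """Return (account, decision, signals) for every withdrawal request.

    hold   - SMS 2FA account whose phone AND email changed inside the window
    stepup - at least one recent risk signal: require a non-SMS factor first
    allow  - no recent risk signal
    """
    recent = {}  # account -> list of (timestamp, signal type)
    decisions = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["type"] in RISK_SIGNALS:
            recent.setdefault(acct, []).append((ts, ev["type"]))
        elif ev["type"] == "withdrawal_request":
            seen = {t for when, t in recent.get(acct, []) if ts - when <= window}
            # Unknown second factor is treated as SMS so the check fails safe.
            if seen == RISK_SIGNALS and second_factor.get(acct, "sms") == "sms":
                decision = "hold"
            elif seen:
                decision = "stepup"
            else:
                decision = "allow"
            decisions.append((acct, decision, sorted(seen)))
    return decisions


if __name__ == "__main__":
    for row in review_withdrawals(EVENTS, SECOND_FACTOR):
        print(row)
```

An account that has already moved to an authenticator app or hardware key never reaches the `hold` branch, which reflects why the advice above removes SMS from the recovery path.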
Attribution to specific nation-state actors or larger cybercriminal networks has not been established. The arrest marks a significant enforcement action in European cybercrime, though SIM-swapping remains a persistent threat globally due to the reliance on SMS for account security.