Four Arrested in Poland for SIM Swap Attacks Targeting Crypto Exchanges
Polish authorities have arrested four individuals linked to a sophisticated SIM swap operation that targeted cryptocurrency exchange users, draining victims’ accounts through social engineering tactics. The arrests highlight the growing threat of SIM swap attacks in the crypto space and underscore why security-conscious investors must move beyond SMS-based two-factor authentication.
What Happened: The Polish SIM Swap Ring
Law enforcement in Poland apprehended four suspects accused of orchestrating SIM swap attacks specifically designed to compromise cryptocurrency exchange accounts. The operation, which drew attention from prominent on-chain investigator ZachXBT, involved the attackers convincing mobile carriers to transfer victims’ phone numbers to SIM cards under their control. Once they hijacked a victim’s phone number, the attackers could intercept SMS-based two-factor authentication codes and gain full access to exchange accounts.
The arrests are part of a broader crackdown on social engineering threats targeting the crypto industry. ZachXBT, known for his relentless tracking of crypto fraud, had previously flagged activity connected to the group, which operated under the moniker “Merry.” The investigation revealed a well-organized operation that exploited one of the weakest links in crypto security: phone-based authentication.
How SIM Swap Attacks Work — And Why Crypto Users Are Prime Targets
SIM swapping is a form of social engineering where attackers manipulate telecom employees — through bribery, deception, or insider access — into reassigning a victim’s phone number to a new SIM card. Once the swap is complete, the attacker receives all calls and text messages intended for the victim, including one-time passwords (OTPs) sent by crypto exchanges.
- Step 1: Attackers gather personal information about the target through data breaches, social media, or phishing.
- Step 2: They contact the victim’s mobile carrier and impersonate the account holder, requesting a SIM transfer.
- Step 3: Once the number is ported, they intercept the SMS-based 2FA codes sent to it, reset passwords, and access exchange accounts.
- Step 4: Funds are rapidly withdrawn to external wallets, often laundered through mixers or cross-chain bridges.
Crypto users are particularly attractive targets because blockchain transactions are irreversible. Unlike traditional banking fraud, where chargebacks and account freezes can sometimes recover stolen funds, once crypto assets leave an exchange wallet, recovery is extraordinarily difficult. High-net-worth holders, DeFi power users, and individuals who publicly discuss their crypto portfolios on social media are especially vulnerable.
The Role of ZachXBT and On-Chain Investigators
The case once again demonstrates the critical role that independent on-chain investigators play in combating crypto crime. ZachXBT, a pseudonymous blockchain sleuth with a massive following, has become one of the most effective forces in identifying scammers, tracking stolen funds, and providing actionable intelligence to law enforcement agencies worldwide.
In this instance, ZachXBT’s research into the social engineering threat group helped connect the dots between multiple attacks and the individuals behind them. His work illustrates how blockchain’s transparency — often cited as a vulnerability for privacy — can actually serve as a powerful forensic tool. Every on-chain transaction leaves a permanent, traceable record, and skilled investigators can follow the money even across complex laundering paths.
The collaboration between on-chain researchers and traditional law enforcement is becoming increasingly formalized. Agencies like Europol, the FBI, and national cybercrime units now regularly incorporate blockchain analytics into their investigations, drawing on both proprietary tools from firms like Chainalysis and TRM Labs, and open-source intelligence from community investigators like ZachXBT.
How to Protect Yourself from SIM Swap Attacks
The Polish arrests serve as a stark reminder that even the most robust exchange security means nothing if your authentication method can be socially engineered. Here are essential steps every crypto user should take immediately:
- Ditch SMS-based 2FA: Switch to hardware-based authentication (YubiKey) or authenticator apps like Google Authenticator or Authy. SMS verification is the weakest form of 2FA.
- Set a carrier PIN or passphrase: Most telecom providers allow you to add a secondary security PIN that must be provided before any SIM changes are made.
- Use a dedicated phone number: Consider using a separate, non-public phone number exclusively for exchange accounts and financial services.
- Enable withdrawal whitelists: Many exchanges allow you to whitelist specific wallet addresses, adding a time-delayed buffer before new addresses can receive funds.
- Minimize your digital footprint: Avoid publicly discussing your holdings, exchange usage, or portfolio size on social media platforms.
- Use hardware wallets for long-term storage: Keep the majority of your assets in cold storage, reducing your exposure to exchange-level compromises.
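The withdrawal whitelist with a time-delayed buffer from the list above, sketched from the exchange's side as an added example (not code from the article or from any exchange). The 24-hour delay, the class and method names, and the extra hold after a credential reset are assumptions that go beyond what the article states.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple

COOLING_OFF = timedelta(hours=24)  # assumed delay; each exchange sets its own

@dataclass
class WithdrawalPolicy:
    """Per-account allowlist; new addresses become usable only after a delay."""
    allowlist: Dict[str, datetime] = field(default_factory=dict)  # address -> added at
    last_credential_reset: Optional[datetime] = None

    def add_address(self, address: str, now: datetime) -> None:
        # Re-adding an existing address must not change its original timestamp.
        self.allowlist.setdefault(address, now)

    def record_credential_reset(self, now: datetime) -> None:
        self.last_credential_reset = now

    def check(self, address: str, now: datetime) -> Tuple[bool, str]:
        added = self.allowlist.get(address)
        if added is None:
            return False, "address not on allowlist"
        if now - added < COOLING_OFF:
            return False, "address still in cooling-off period"
        # Assumed extra rule: a password/2FA reset (possibly done with an
        # intercepted SMS code) also holds withdrawals for the same window.
        reset = self.last_credential_reset
        if reset is not None and now - reset < COOLING_OFF:
            return False, "recent credential reset"
        return True, "ok"

def demo() -> list:
    """Constructed timeline: owner's old address, then an account reset at t0."""
    t0 = datetime(2025, 1, 10, 3, 0)
    policy = WithdrawalPolicy()
    policy.add_address("owner-cold-wallet", t0 - timedelta(days=90))
    policy.record_credential_reset(t0)  # reset performed after the SIM swap
    policy.add_address("new-address", t0 + timedelta(minutes=2))
    return [
        policy.check("new-address", t0 + timedelta(minutes=5)),
        policy.check("unknown-address", t0 + timedelta(minutes=5)),
        policy.check("owner-cold-wallet", t0 + timedelta(minutes=5)),
        policy.check("owner-cold-wallet", t0 + timedelta(hours=25)),
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The delay gives the legitimate owner time to notice the lost phone service and freeze the account before any funds can move.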
It’s also worth noting that some jurisdictions are beginning to hold telecom companies partially liable for SIM swap losses, which may eventually force carriers to implement stronger identity verification protocols. Until then, however, the burden of security falls squarely on the individual user.
Conclusion
The arrest of four SIM swap attackers in Poland is a welcome development, but it represents just one battle in an ongoing war against social engineering threats in the crypto ecosystem. As digital asset adoption grows, so too does the sophistication of criminals targeting this space. The lesson is clear: your crypto security is only as strong as your weakest authentication layer. Take action today — audit your exchange security settings, move to hardware-based 2FA, and ensure your telecom accounts are locked down. In crypto, you are your own bank, and that means you are also your own security team.
Original reporting by Naga Avan-Nomayo via TheBlock
