Polish law enforcement, spearheaded by the **Polish Cybercrime Bureau (CBZC)**, has successfully apprehended four members of an organized cybercrime group. This operation, bolstered by international cooperation from the **FBI** and **HSI**, targeted a ring responsible for high-value SIM-swapping attacks. Investigators revealed that the suspects employed advanced cyberattack techniques to acquire the necessary data for their SIM-swapping operations. This involved gaining unauthorized access to the infrastructure of entities collaborating with telecommunications operators and compromising employee email accounts. Once access was established, the perpetrators hijacked victims' phone numbers, intercepted critical SMS messages and email communications, and ultimately seized control of accounts on various cryptocurrency exchanges. This allowed them to illicitly transfer funds. "Using specialized software and social engineering, the perpetrators gained unauthorized access to the infrastructure of entities cooperating with telecommunications operators and employee email accounts,” stated the **CBZC** in an official announcement. “The data obtained in this way enabled so-called SIM swap attacks, which involve the illegal cloning and takeover of victims' phone numbers.” The stolen funds, estimated to be in the millions of U.S. dollars, were subsequently laundered through a complex, distributed financial network. **CBZC** estimates the total value of laundered funds to exceed several tens of millions of Polish złoty, translating to at least $5 million USD. The authorities noted that the group treated these illicit activities as a consistent source of income, utilizing multiple bank accounts across various countries and digital wallets to facilitate the transfer of stolen assets. The four arrested individuals are currently in pre-trial detention, facing serious charges including participation in an organized criminal group, hacking into IT systems to commit theft, and money laundering. These offenses carry a maximum penalty of 25 years in prison. While **CBZC** did not publicly name the arrested individuals, blockchain crime investigator **ZachXBT** identified one of them as **Wojtek Kulisz**, also known as “**Merry**,” based on images released by the authorities from the police raid.