Four arrested in Poland over crypto SIM-swap attacks; ZachXBT links ‘Merry’ to case

Polish authorities arrested four individuals in connection with SIM-swap attacks targeting cryptocurrency holders, with blockchain analyst ZachXBT identifying threat actor 'Merry' as one of those detained. The case highlights law enforcement's growing capability to dismantle organized cybercriminal networks operating in the crypto space.

The arrest of four suspects in Poland represents a significant enforcement action against SIM-swap criminals who have historically operated with relative impunity across borders. SIM-swap attacks exploit telecommunications vulnerabilities to redirect SMS-based two-factor authentication codes, allowing attackers to seize control of cryptocurrency wallets and drain substantial funds. ZachXBT's identification of 'Merry' as a detained suspect suggests intelligence sharing between independent researchers and law enforcement has matured considerably, enabling faster threat actor attribution and apprehension.

SIM-swap attacks emerged prominently in 2018-2019 and have evolved into a sophisticated criminal enterprise. Perpetrators typically work with corrupted telecom employees to access customer accounts, then pivot to cryptocurrency exchange accounts lacking hardware wallet security. The money laundering component of this investigation indicates Polish authorities are targeting the full criminal lifecycle, not just initial theft. This contrasts with previous enforcement efforts that focused narrowly on individual stolen funds.

The case carries meaningful implications for cryptocurrency security practices. Exchanges and wallet providers face renewed pressure to implement security measures that don't rely solely on SMS-based authentication. Hardware wallets and physical security keys gain credibility as superior alternatives. Institutional investors considering cryptocurrency exposure will view improved law enforcement coordination as reducing systemic risk.

Future attention should focus on whether this investigation uncovers operational infrastructure, cryptocurrency mixing services, or connections to larger cybercriminal syndicates. Polish prosecution success could establish precedent encouraging other European jurisdictions to pursue similar cases, gradually raising the cost of SIM-swap operations and forcing criminal networks into higher-friction operational models.

• →Four suspects arrested in Poland for SIM-swap attacks targeting cryptocurrency users, with threat actor 'Merry' identified among detainees
• →Investigation targets both theft and money laundering components, indicating comprehensive law enforcement strategy
• →ZachXBT's threat actor identification demonstrates effective collaboration between independent researchers and authorities
• →SIM-swap attacks remain a critical vulnerability for users relying on SMS-based two-factor authentication
• →Successful prosecution may establish precedent encouraging broader European enforcement against cryptocurrency-focused cybercrime