Four Arrested in Poland for Crypto SIM-Swap Attacks; Threat Actor 'Merry' Linked
25 Jun 2026 · 13:27 UTC · The Block · Original source
Summary
Polish law enforcement has detained four individuals as part of a cryptocurrency crime investigation focused on SIM-swap attacks and money laundering operations. Blockchain security researcher ZachXBT has identified the threat actor known as 'Merry' among those arrested. SIM-swap attacks involve criminals hijacking phone numbers linked to cryptocurrency exchange and wallet accounts, using the compromised phone numbers to bypass security measures and gain unauthorized access to digital assets. The arrests represent coordinated law enforcement action against organized cybercrime targeting the cryptocurrency ecosystem.
Why it matters
SIM-swap attacks operate by compromising phone numbers used for 2FA, allowing account takeovers without defeating exchange security architecture. The detention of organized actors suggests law enforcement capability maturation but likely disrupts only operational capacity, not the underlying threat model. Key drivers: (1) Positive sentiment from threat actor disruption—reduces near-term individual theft risk; (2) Limited systemic impact—wallet theft doesn't threaten network consensus or institutional adoption; (3) Geographic constraint—European enforcement affects primarily EU crime networks; (4) Copycat resilience—similar attacks will persist from other groups. Uncertainties include detection of whether arrests materially reduce attack volumes, extent of knowledge transfer to enforcement globally, and whether mainstream adoption sentiment shifts meaningfully. ZachXBT's allegation carries weight given his research track record, but requires eventual legal confirmation. News is moderately positive but incremental—it's a security maturation data point rather than a paradigm shift. Alt tokens show higher sensitivity because they trade on smaller exchanges with potentially higher vulnerability profiles; Bitcoin's macro orientation limits reaction.
Expected impact
The arrest of four individuals, including alleged threat actor 'Merry', by Polish authorities represents a modest positive catalyst for cryptocurrency security sentiment. SIM-swap attacks—where criminals hijack phone numbers tied to crypto accounts to bypass 2FA protections—constitute a known but limited threat vector. Law enforcement action demonstrates increasing global focus on crypto crime prevention. However, immediate market impact is constrained because: (1) arrests improve sentiment without fixing fundamental infrastructure vulnerabilities; (2) individual account theft rarely drives macro market volatility; (3) this is incremental progress on a known problem, not a systemic breakthrough. Impact manifests primarily through sentiment improvement among security-conscious traders rather than price catalysts. Bitcoin, being macro-focused, sees minimal reaction. Altcoins show slightly higher sensitivity due to broader security concern awareness. The effect dissipates quickly as news cycles advance.