Investigators identified more than 20,000 victim wallet addresses spanning more than 30 countries.
Table of Contents
Crypto News
Authorities from the United States, the United Kingdom, and Canada froze more than $12 million in cryptocurrency proceeds linked to approval phishing schemes during a coordinated enforcement operation last month. The campaign, called Operation Atlantic, ran for one week in March and was led by the U.S. Secret Service, the U.K.’s National Crime Agency, the Ontario Provincial Police, and the Ontario Securities Commission.
Investigators identified more than 20,000 victim wallet addresses spanning more than 30 countries. Law enforcement directly contacted over 3,000 individuals who were believed to be at risk or already affected by the schemes. The NCA said the operation uncovered more than $45 million in total cryptocurrency fraud proceeds across all cases reviewed.
Authorities also dismantled more than 120 web domains that scammers had been using to target victims. A further $33 million in suspected investment fraud proceeds was flagged and remains under active investigation. Some of the scam websites identified during the operation were still defrauding victims at the time investigators found them.
Approval phishing works differently from conventional crypto fraud. Rather than persuading victims to send funds directly, these schemes trick users into signing wallet permissions that give attackers control over specific tokens. Once that permission is signed, the scammer can drain those tokens without any further action from the victim.
“Operation Atlantic demonstrated the importance and need for international collaboration to stop cryptocurrency fraud,” said Brent Daniels, assistant director of the Secret Service’s Office of Field Operations. NCA Deputy Director of Investigations Miles Bonfield said the operation showed what becomes possible when international agencies and private industry work in coordination.
Binance’s Special Investigations team participated in the operation, conducting live account screening and providing intelligence on suspected bad actors to support asset seizure efforts. The team also identified scam websites that were still active during the operation. Flavio Tonon, Binance’s senior regional advisor for Europe, the Middle East, and Africa, said blockchain transparency limits how far criminals can move stolen funds before they are traced. Binance confirmed that no funds on its platform were frozen as part of the operation.
The scale of Operation Atlantic is notably larger than a comparable campaign from the previous year. Operation Avalanche traced approximately $4.3 million in $ETH to approval phishing schemes. Separately, phishing tactics have begun appearing in physical form. Crypto users have reported receiving letters impersonating hardware wallet providers Ledger and Trezor, directing recipients to scan QR codes or visit fraudulent websites under the pretense of mandatory security checks. Investigators believe some of these physical campaigns draw from personal data exposed in past breaches at crypto companies.