Crypto Phishing Scam Crackdown: US, UK, Canada Launch Operation Atlantic

The US Secret Service, UK National Crime Agency, and Canadian authorities launched a joint operation Monday targeting crypto fraud networks. The crypto phishing scam operation—dubbed “Operation Atlantic”—focuses on approval phishing schemes that drained $2.7 billion since 2021.

Three countries. One enemy. Real-time disruption.

“Approval phishing and investment scams cost victims millions in financial loss each year,” noted Brent Daniels, deputy assistant director for the Secret Service’s Office of Field Operations. The agencies plan to identify victims before they lose funds and recover stolen crypto in near real-time.

That’s the ambitious part.

Operation Atlantic brings together the Ontario Securities Commission, Ontario Provincial Police, Royal Canadian Mounted Police, City of London Police, US Attorney’s Office for the District of Columbia, and the UK’s Financial Conduct Authority. The Monday notice outlined coordination across borders to disrupt scam networks, raise awareness, and track stolen funds.

Multi-jurisdiction operations aren’t new. What’s different: the focus on real-time intervention before funds vanish.

**How Crypto Phishing Scam Drains Wallets**

Approval phishing works differently than typical phishing attacks. Standard phishing tricks users into handing over private keys or seed phrases. Approval phishing is more subtle.

According to Chainalysis, the crypto phishing scam variant involves tricking users into signing a malicious blockchain transaction. That transaction grants the scammer’s address approval to spend specific tokens inside the victim’s wallet. Once approved, the scammer drains the wallet at will.

The user thinks they’re signing something legitimate—a swap, a mint, an airdrop claim. They’re actually signing away control.

I’ve seen traders who understood leverage and derivatives get caught by this. The transaction looks normal in MetaMask or WalletConnect. By the time they check Etherscan, the wallet’s empty.

Not ideal.

**The Numbers Tell the Story**

Chainalysis data shows $2.7 billion stolen through approval phishing between May 2021 and July 2024. That’s just one type of crypto phishing scam—not counting seed phrase phishing, fake websites, or impersonation attacks.

February saw a sharp increase in phishing attacks, according to crypto intelligence platform Nominis. Overall crypto scams and exploits fell to $49 million in February from $385 million in January. Lower total losses but more frequent attacks suggests scammers shifted tactics—smaller hits, more victims, harder to trace.

Volume went up. Individual haul went down. Classic fragmentation pattern when law enforcement pressure increases.

**Building on Past Operations**

Operation Atlantic builds on the Ontario Securities Commission’s Project Atlas, launched in 2024 with Ontario Provincial Police and the US Secret Service. That operation targeted crypto fraud networks operating across North American borders.

Chainalysis ran Operation Spincaster in 2024, specifically targeting approval phishing. That initiative provided the $2.7 billion theft figure and likely fed intelligence into Operation Atlantic.

The playbook: identify scam addresses, track fund flows, coordinate takedowns across jurisdictions before scammers move funds through mixers or bridges.

Timing matters. Once funds hit Tornado Cash or cross to a privacy chain, recovery odds crater.

**Real-Time Disruption: Theory vs Practice**

The agencies claim they’ll identify and disrupt crypto phishing scam operations in near real-time. That’s ambitious.

Blockchain transparency helps—every transaction is visible. But scammers move fast. Compromised wallet to mixer to offramp can happen in under 30 minutes. Real-time intervention means automated monitoring, pre-positioned legal authorities, and exchange cooperation to freeze funds instantly.

That infrastructure exists for major hacks. Applying it to smaller-scale phishing requires significant resources.

Question is whether three-country coordination moves faster than scammers fragmenting operations across dozens of wallets.

**What Users Need to Know**

Approval phishing exploits blockchain permission systems. Every DeFi interaction requires token approvals. Users approve Uniswap to spend USDC. They approve an NFT marketplace to transfer their NFTs. Legitimate protocols need these approvals to function.

Scammers disguise malicious approval requests as legitimate ones. The transaction pops up in your wallet. Looks normal. You sign it. Now they control your tokens.

Best defense: check what you’re approving before signing. Use tools like Revoke.cash or Etherscan’s token approval checker to see what permissions your wallet has granted. Revoke approvals you don’t recognize.

Never sign transactions from links in Discord DMs, Twitter replies, or unexpected emails. Even if it looks like it’s from a project you follow.

I’ve traded through multiple cycles. The sophistication of phishing attacks increased every year. 2021 scams were obvious. 2024 scams replicate legitimate sites pixel-perfect, use verified Twitter accounts, compromise Discord servers.

The threat evolved faster than user education.

**What’s Next**

Operation Atlantic represents the most coordinated international effort against crypto phishing scam networks to date. Whether it achieves real-time disruption depends on execution—monitoring speed, legal coordination, exchange compliance.

Past operations took down specific scam rings but didn’t stop the broader trend. Phishing attacks increased in February despite multiple enforcement initiatives. Scammers adapt, fragment, move jurisdictions.

For now, cross-border cooperation at least signals that approval phishing is a law enforcement priority. The question: can three governments move faster than decentralized scam networks?

Next catalyst: first major bust from Operation Atlantic. That’ll show whether real-time disruption works or remains theory.