Catenaa, Monday, March 16, 2026- Authorities in the United States, United Kingdom and Canada launched Operation Atlantic to disrupt cryptocurrency approval-phishing networks responsible for millions of dollars in losses.
The coordinated operation announced Monday brings together investigators from the United States Secret Service, the National Crime Agency in the UK and Canadian law enforcement agencies including the Royal Canadian Mounted Police and the Ontario Provincial Police.
Officials said the campaign targets international criminal groups responsible for approval-phishing scams that drained about $84 million from cryptocurrency users in 2025.
The effort also involves the Ontario Securities Commission, the City of London Police, the Financial Conduct Authority and prosecutors from the United States Attorney’s Office for the District of Columbia.
Investigators are working with private blockchain analytics firms and cryptocurrency platforms to identify victims, track stolen funds and interrupt attacks while they occur.
Approval phishing involves tricking users into signing malicious transactions that grant criminals access to cryptocurrency wallets. Attackers typically impersonate legitimate decentralized finance applications and request wallet approvals through deceptive pop-up messages.
Once a victim signs the transaction, criminals gain permission to move funds and often drain wallets within seconds across blockchain networks compatible with the Ethereum Virtual Machine.
Officials said the operation focuses on disrupting the infrastructure used by scammers, including fraudulent domains, wallet drainer software and laundering networks that move stolen assets across multiple blockchains.
Blockchain security researchers have reported a decline in overall phishing losses compared with previous years, but investigators say attacks are becoming more sophisticated and organized.
Data from security firm Scam Sniffer recorded approximately $83.85 million in approval-phishing losses across EVM-compatible chains in 2025. The figure represented an 83 percent decline from the roughly $494 million lost in 2024.
The number of victims also fell significantly, dropping to about 106,000 users from more than 330,000 a year earlier.
Despite the decrease, researchers said the most severe attacks have grown more complex and targeted.
Several incidents in 2025 exceeded $1 million in stolen assets. One of the largest involved stolen tokens using a permit signature mechanism that allowed attackers to move assets without traditional wallet confirmations.
Security analysts say these attacks rely on digital approval standards used by many decentralized finance platforms, which allow users to authorize token transfers through signed messages.
While designed to streamline transactions, these mechanisms can be abused when users unknowingly grant unlimited spending permissions to malicious applications.
Investigators say phishing operations are increasingly commercialized. Criminal groups now sell ready-to-use phishing kits that automate the creation of fraudulent websites and wallet-draining software.
A network identified by researchers as the “Smishing Triad” allegedly distributed phishing tools to other cybercriminals and collected cryptocurrency payments for access to the services.
Law enforcement officials say the multinational effort reflects the global nature of cryptocurrency fraud.
Digital asset transactions move across borders within seconds, making it difficult for a single country to track stolen funds or arrest suspects operating overseas.
Operation Atlantic aims to coordinate investigations across jurisdictions and enable faster responses to ongoing attacks.
Authorities are also targeting so-called “pig butchering” scams, a form of long-term fraud in which criminals build relationships with victims before convincing them to transfer digital assets.
According to research from Chainalysis, global losses linked to crypto investment scams reached approximately $12.4 billion in 2025.
Investigators say phishing campaigns frequently act as the entry point for these broader fraud schemes.
The operation will also attempt to block laundering routes used by criminals to hide stolen funds.
Analysts say most stolen cryptocurrency eventually moves through privacy services such as Tornado Cash alternatives, cross-chain bridges and decentralized exchanges.
Industry partners participating in the investigation are expected to help track suspicious transactions and flag wallets linked to scams.
Authorities say cooperation with private firms has already improved the speed of asset tracing and helped prevent some funds from being moved beyond recovery.
Cybersecurity specialists say the initiative highlights the growing role of blockchain analytics in financial crime investigations.
Companies including TRM Labs and Elliptic have developed monitoring systems capable of identifying suspicious wallet activity and mapping criminal networks across blockchains.
These tools allow investigators to follow digital money flows in real time, sometimes enabling exchanges or wallet providers to freeze assets before they are laundered.
Security researchers also note that cryptocurrency wallets are gradually adding stronger defenses.
Many platforms now include transaction simulations that warn users if a signature request could allow unlimited token transfers.
Hardware wallets and smart-contract-based accounts increasingly require additional confirmations for high-risk transactions.
Regulators in several jurisdictions are considering new requirements for wallet security features and fraud detection systems.
Industry experts say user awareness remains one of the most effective protections against phishing attacks.
They recommend reviewing transaction permissions carefully and revoking unnecessary token approvals through blockchain tools.
Authorities involved in Operation Atlantic said the campaign will continue to track emerging fraud techniques and coordinate enforcement actions across international partners.
Officials said the operation represents one of the first trilateral law-enforcement efforts focused specifically on real-time disruption of cryptocurrency phishing networks.
