US, UK and Canada Launch a Joint Operation Targeting Crypto Approval Phishing Networks

Law enforcement and regulatory agencies from three countries have joined forces to disrupt one of the most technically sophisticated forms of cryptocurrency fraud currently targeting retail investors.

Operation Atlantic, a week-long initiative co-hosted by the U.S. Secret Service, the UK’s National Crime Agency, the Ontario Provincial Police, and the Ontario Securities Commission, began this week with teams operating out of hubs in San Francisco and Washington.

What Approval Phishing Actually Is

According to information from Ontario Securities Commission, the mechanics of the fraud are worth understanding before getting to the operation itself. Approval phishing does not work the way most people imagine crypto theft does. There is no hacking of wallets, no seed phrase extraction, no brute-force attack.

Instead, victims are shown a fake pop-up or alert that mimics a trusted application or service. The prompt asks them to approve a transaction, which looks routine to anyone unfamiliar with how token permissions work. What they are actually signing is a smart contract permission that grants a criminal full spending authority over their wallet. Once that approval is granted, the attacker can drain the wallet in transactions that are immediate and irreversible.

The sophistication of the attack is precisely what makes it difficult to defend against at scale. The victim does not lose funds because of a technical vulnerability. They lose funds because they were deceived into granting access voluntarily.

The Link to Pig Butchering

Operation Atlantic is not targeting isolated scammers. It is going after organized networks, many of which run approval phishing as one layer of a broader long-term investment fraud scheme commonly known as pig butchering. In those operations, fraudsters spend weeks or months building trust with victims through fabricated relationships before introducing them to fake investment platforms. The approval phishing mechanism is often the final step, the point at which the accumulated trust is cashed out and the wallet is drained.

The connection matters for understanding the scale of what these agencies are dealing with. These are not opportunistic criminals. They are syndicates running structured, multi-stage fraud operations across international jurisdictions.

How the Operation Is Structured

Operation Atlantic runs three parallel teams across 16-hour daily shifts out of its dual hubs. The first team uses blockchain forensics to identify victims who have already granted malicious approvals, working in near real-time with private sector partners and exchanges to flag compromised wallets before funds are fully extracted. The second team makes direct contact with those victims, warning them and walking them through the process of revoking the token approvals that gave attackers access. The third team focuses on legal work, collecting data and building criminal cases against the organizing syndicates for prosecution.

The structure reflects a deliberate shift in how law enforcement approaches crypto fraud. Rather than waiting for a crime to complete and then attempting recovery — which is rarely successful given the irreversibility of on-chain transactions — Operation Atlantic is built around intervention before the drain happens. Real-time identification changes the calculation significantly.

Building on Prior Work

Operation Atlantic did not emerge in isolation. It builds directly on Project Atlas, a 2024 initiative, and Operation Spincaster, both of which developed the cross-border cooperation frameworks and blockchain forensics capabilities that Atlantic is now scaling. The inclusion of the Royal Canadian Mounted Police, the City of London Police, the U.S. Attorney’s Office for the District of Columbia, and the UK’s Financial Conduct Authority alongside the core co-hosts signals an intent to move beyond awareness operations toward actual prosecutions.

The week-long window is short by design. The goal is to demonstrate operational tempo and disrupt active networks during a concentrated period, with the legal team’s output feeding into longer-term prosecutorial work after the operation concludes.

The post US, UK and Canada Launch a Joint Operation Targeting Crypto Approval Phishing Networks appeared first on ETHNews.