Operation Atlantic Freezes $12M, Identifies 20K Crypto Victims

Law enforcement agencies from the United States, United Kingdom, and Canada concluded Operation Atlantic last month, freezing $12 million in stolen cryptocurrency and identifying more than 20,000 fraud victims across 30 countries. The week-long joint operation targeted "approval phishing"—a technique that tricks crypto holders into signing transactions that grant attackers access to their wallets.

The investigation identified an additional $33 million in suspect funds linked to investment fraud schemes, bringing the total disrupted fraud to over $45 million. Officials say the operation represents one of the largest coordinated efforts against cryptocurrency scams to date.

How Approval Phishing Works

Unlike traditional phishing that steals login credentials, approval phishing exploits the technical permissions built into blockchain smart contracts. Victims receive fake alerts appearing to come from trusted apps or cryptocurrency services. When they click "approve," they unknowingly sign a transaction granting full wallet access to attackers.

Once a victim approves access, criminals can drain funds at will—often within 48 hours before victims realize what happened. The transactions are irreversible, and because the victim technically authorized them, recovering funds through normal channels is nearly impossible.

The technique frequently appears in romance scams and fake investment schemes, where scammers spend weeks or months building trust before directing victims to compromised platforms. This pattern, sometimes called pig butchering, has exploded in recent years, with fraud networks processing billions in stolen cryptocurrency.

Operation Atlantic Details

The UK's National Crime Agency led the operation alongside the US Secret Service, Ontario Provincial Police, Ontario Securities Commission, City of London Police, and the Financial Conduct Authority. Private sector partners including blockchain analytics firm TRM Labs provided intelligence support.

"This intensive action has led to the safeguarding of thousands of victims in the UK and overseas, stopped criminals in their tracks and helped save others from losing their funds," said Miles Bonfield, NCA Deputy Director of Investigations.

TRM's analysts processed thousands of blockchain addresses during the operation, mapping fund flows across exchanges and decentralized protocols. Their work produced seizure-ready intelligence packages linking stolen funds to criminal networks. According to TRM, fraud networks now move stolen funds onward within 48 hours, compressing the window for intervention.

The operation identified victims through blockchain analysis rather than waiting for fraud reports. Investigators proactively contacted potential victims to warn them before additional losses occurred—a shift from traditional reactive approaches.

Growing Scale of Crypto Fraud

Approval phishing represents a small but rapidly growing segment of cryptocurrency crime. According to TRM Labs data, stablecoins now comprise approximately 84 percent of verified fraud inflows, up from 70 percent in 2024. The shift reflects criminals' preference for assets with stable value during the laundering process.

The broader cryptocurrency fraud landscape continues expanding. In 2025, approximately $35 billion flowed to fraud schemes globally. Recent incidents highlight the diverse attack vectors targeting crypto holders—from SDK vulnerabilities in mobile wallet apps to direct theft of corporate cryptocurrency holdings.

Protecting Yourself

The agencies offered guidance for crypto holders:

1. Verify all transaction requests — Never approve wallet permissions from pop-ups or links in emails. Navigate directly to official sites.
2. Review connected apps — Use services like Revoke.cash to audit and remove wallet permissions you don't recognize.
3. Be skeptical of unsolicited contact — Investment opportunities that arrive via dating apps or social media are almost always scams.
4. Report promptly — Contact law enforcement immediately if you suspect fraud. Quick reporting increases recovery chances.

Operation Atlantic follows similar international efforts targeting crypto crime, including Europol's January 2026 takedown of a network that laundered over €700 million and the US Department of Justice's $61 million seizure of Tether linked to pig butchering schemes in February. Nation-state actors have also stolen billions in cryptocurrency through increasingly sophisticated attacks on exchanges and DeFi protocols.

The participating agencies haven't announced arrests, suggesting the intelligence gathered may feed ongoing investigations. Victims identified during the operation will be contacted by local law enforcement with information about potential fund recovery.