Law enforcement agencies from the U.S., UK, and Canada are conducting Operation Atlantic, a coordinated effort targeting the criminal networks behind approval-phishing scams, a type of fraud that drained millions of dollars from cryptocurrency users in 2025.
Operation Atlantic is co-hosted by the U.S. Secret Service, the UK’s National Crime Agency, the Ontario Provincial Police, and the Ontario Securities Commission. Additional participants include the Royal Canadian Mounted Police, the City of London Police, the U.S. Attorney’s Office for the District of Columbia, and the UK Financial Conduct Authority.
According to a statement on Monday, the operation is being conducted with private industry partners to identify potential victims, recover stolen funds, and raise public awareness about cryptocurrency fraud.
Approval phishing scams trick victims into signing malicious transactions that grant attackers full control over their cryptocurrency wallets, the statement said. Scammers typically send fake pop-ups or alerts appearing to come from trusted applications, requesting that users "approve" access. Once granted, criminals drain the wallet, and the irreversible nature of blockchain transactions makes fund recovery difficult. The scams are frequently linked to cryptocurrency investment fraud, commonly known as "pig butchering."
"Approval phishing and investment scams cost victims millions in financial loss each year," Brent Daniels, deputy assistant director for the U.S. Secret Service's Office of Field Operations, said in the statement. "During Operation Atlantic, the U.S. Secret Service, alongside our international law enforcement partners, will identify and disrupt these scams in near real-time denying criminals the ability to further profit from their crimes."
Some $83.85 million in signature phishing losses across EVM-compatible chains in 2025 represents an 83% decline from the $494 million recorded in 2024, according to Scam Sniffer's year-end report published in January.
Victim counts fell 68% to 106,106 from 332,000 the prior year. The largest single theft in 2025 totaled $6.5 million, involving stETH and aEthWBTC stolen via a Permit signature in September. Eleven cases exceeded $1 million, with Permit and Permit2 signatures accounting for 38% of those large-case losses, the report found.
Despite the decline in tracked losses, scam operations have grown increasingly industrialized, according to a Chainalysis report on phishing-as-a-service networks. The China-based "Smishing Triad" group, also known as "Darcula," operated a phishing kit vendor called Lighthouse that received over 7,000 cryptocurrency deposits and amassed more than $1.5 million over three years, the report said, citing a Google lawsuit filed in November 2025.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.