Operation Atlantic, a joint initiative coordinated from the UK National Crime Agency's London headquarters, brought together agencies from the United States, United Kingdom, and Canada to target approval phishing, a form of cryptocurrency fraud in which victims are tricked into signing blockchain transactions that hand attackers ongoing control over their wallets. Unlike conventional password theft, this technique exploits smart contract permissions, allowing fraudsters to drain targeted wallets automatically and repeatedly once a victim has clicked "approve" on what appears to be a legitimate investment platform or staking interface. The operation launched in March 2026 and culminated in a one-week enforcement sprint concluding April 9.

Investigators identified $45 million in cryptocurrency fraud schemes in total. Of that figure, $12 million has been frozen and returned to victim wallets. The remaining $33 million remains under active investigation. More than 3,000 victims were contacted directly by authorities, and according to The Block, over 120 fraudulent cryptocurrency domains were taken down as part of the infrastructure disruption, a figure not independently confirmed by agency press releases.

TRM Labs, one of the on-chain analytics firms supporting the operation, noted that a single approval phishing network traced during the operation was responsible for $15 million in victim losses on its own.

Participating agencies included the US Secret Service, the US Attorney's Office for the District of Columbia, the NCA, City of London Police, the UK Financial Conduct Authority, the Ontario Provincial Police, the Royal Canadian Mounted Police, and the Ontario Securities Commission. Chainalysis and TRM Labs provided real-time blockchain tracing, mapping fund flows across multiple networks and producing what TRM Labs described as "seizure-ready intelligence packages" ahead of enforcement actions.

Brent Daniels, Deputy Assistant Director of the US Secret Service Office of Field Operations, said the operation was designed to deny criminals the ability to profit from ongoing schemes in near real-time.

"Through this operation, investigators prevented millions of dollars in fraud losses and disrupted millions more," Daniels said. Paul Foster, the NCA's Deputy Director of Cyber, framed the cross-border structure as a necessity: "Criminals operate across borders, so our response must do the same." Miles Bonfield, NCA Deputy Director of Investigations, called the operation "a powerful example of what is possible when international agencies and private industry work side by side." Representatives from the Ontario Provincial Police and the Ontario Securities Commission also underscored the importance of international coordination in protecting investors from cross-border fraud schemes.

Why This Matters Outside the US and UK

Approval phishing is the core technical delivery mechanism behind a category of fraud widely known as pig butchering, long-con schemes in which perpetrators build fake personal or romantic relationships with victims over weeks or months, then direct them toward fraudulent investment platforms.

Since 2020, pig butchering has grown roughly 85-fold globally, according to Decrypt's reporting on Chainalysis data.

The scale of exposure in Africa and South Asia is significant. In India alone, victims have lost an estimated 72,000 crore rupees (approximately $8.6 billion) to crypto scams since 2015, according to CoinIndex India, with the Enforcement Directorate uncovering roughly 2,300 crore rupees ($275 million) in Ponzi-style schemes in 2025 that used celebrity deepfakes as bait.

A separate INTERPOL sweep across Africa in 2026 netted 651 arrests and recovered $4.3 million, with investigators linking schemes in Nigeria and Kenya to over $45 million in losses in a separate set of schemes. The scale of fraud in those markets has been compounded by collapses such as CBEX, a fake AI-powered trading platform that stole more than $800 million from victims in Nigeria and Kenya before it unraveled, according to BeInCrypto.

Nigeria's police dismantled fraud rings running fake digital asset investment platforms, while Kenyan authorities made 27 arrests tied to fake investment dashboards circulated on messaging apps.

On-chain data underscores why these regions face outsized risk. TRM Labs reports that approximately 84 percent of fraud inflows in 2025 were denominated in stablecoins, up from 70 percent the year prior. Tether (USDT) is widely documented as the dominant asset in informal crypto use across South Asian and African markets, meaning users in those regions are transacting primarily in the asset class that fraudsters most frequently exploit.

Chainalysis's 2026 Crime Report puts global confirmed scam inflows for 2025 at at least $14 billion, with total estimated losses closer to $17 billion. The FBI recorded 181,565 cryptocurrency-related complaints in 2025, a 21 percent increase year-on-year, with $1.366 billion in reported losses, according to The Register. Chainalysis data further shows that impersonation scam volumes grew 1,400 percent year-on-year, and that AI-enabled scams are 4.5 times more profitable than traditional scams.

What Affected Users Can Do Now

Victims or those who suspect their wallets have been compromised can report directly to the Internet Crime Complaint Center at IC3.gov or contact the Secret Service at OperationAtlantic@secretservice.gov. Wallet holders can also audit and revoke active smart contract permissions using tools such as Revoke.cash, which displays all permissions a wallet has granted and lets users cancel them individually. Wallet and decentralized application builders are encouraged to integrate permission revocation interfaces directly into their products and to enable fraud reporting through Chainabuse.com, steps that agency guidance identifies as practical developer-facing safeguards.

Operation Atlantic follows a line of predecessor actions, including Operation Spincaster, which generated more than 7,000 investigative leads tied to $162 million in losses, and Canada's Project Atlas in 2024, which identified more than 2,000 compromised wallets across 14 countries and separately froze roughly $24 million in stolen crypto.

The public-private collaboration model deployed in Operation Atlantic has been described by both Chainalysis and TRM Labs as a template for future enforcement. Regional regulators in markets such as India, Nigeria, and Kenya could adopt the same on-chain analytics infrastructure to build equivalent early-warning systems domestically, replicating the rapid fund-tracing capabilities that made the one-week enforcement sprint possible.