US, UK and Canada launch Operation Atlantic to curb crypto phishing

Law enforcement agencies in the United States, United Kingdom and Canada launched Operation Atlantic, a joint effort to identify victims, recover assets and disrupt the criminal networks behind approval phishing scams that stole millions of dollars from cryptocurrency users in 2025.

The operation is co-hosted by the U.S. Secret Service, the UK’s National Crime Agency, the Ontario Provincial Police and the Ontario Securities Commission. Other participants include the Royal Canadian Mounted Police, the City of London Police, the U.S. Attorney’s Office for the District of Columbia and the UK Financial Conduct Authority. The agencies are working with private industry partners to flag potential victims in near real time, pursue asset recovery where possible and increase public awareness of cryptocurrency fraud.

Approval phishing involves tricking users into signing malicious blockchain transactions that grant attackers permission to spend funds or control a digital wallet. Scammers often use fake pop-ups or alerts that imitate trusted apps and prompt an “approve” action. Once access is granted, funds can be drained, and the finality of most blockchain transactions makes reversals uncommon. Officials link many of these attacks to cryptocurrency investment cons known as the pig butchering scam.

In a statement, Brent Daniels, deputy assistant director for the U.S. Secret Service’s Office of Field Operations, noted that “approval phishing and investment scams cost victims millions in financial loss each year.” He added: “During Operation Atlantic, the U.S. Secret Service, alongside our international law enforcement partners, will identify and disrupt these scams in near real time, denying criminals the ability to further profit from their crimes.”

Losses tied to signature-based phishing on EVM-compatible blockchains totaled about $83.85 million in 2025, down 83% from roughly $494 million in 2024, according to a year-end review by blockchain security firm Scam Sniffer. The number of known victims fell 68% to 106,106 from 332,000 a year earlier. The largest known theft in 2025 reached $6.5 million in September and involved stETH and aEthWBTC drained via a Permit signature. Eleven incidents exceeded $1 million, with Permit and Permit2 signatures accounting for 38% of those larger cases.

Although crypto hack losses fell 69% in February to $26.5 million, the lowest since March 2025, researchers have documented broader use of phishing-as-a-service models. One China-based group known as Smishing Triad, or Darcula, operated a kit vendor called Lighthouse that received more than 7,000 cryptocurrency deposits totaling over $1.5 million across three years, according to Chainalysis, which referenced a lawsuit filed in November 2025.

Agencies coordinating Operation Atlantic said they will focus on stopping active scams, notifying victims with guidance and issuing public advisories to limit further losses as criminals continue to use deceptive approval requests to seize control of wallets.