Multinational Law Enforcement Strikes Back Against Crypto Theft Networks
A coordinated international law enforcement effort — formally named Operation Atlantic — has taken direct aim at sophisticated cryptocurrency theft schemes believed to have stolen tens of millions of dollars from victims around the world. The operation brought together agencies from the United States, the United Kingdom, and Canada, targeting a particularly deceptive fraud method known as approval phishing.
Over the course of the week-long operation, investigators identified more than $45 million in stolen funds and managed to freeze approximately $12 million in assets. Authorities have confirmed that the frozen funds will be returned to the victims who lost them.
What Is Approval Phishing?
At the heart of Operation Atlantic is a technique called approval phishing, a method commonly associated with so-called pig butchering investment scams. Unlike traditional phishing, which typically seeks login credentials, approval phishing manipulates victims into granting full administrative control over their cryptocurrency wallets.
Criminals execute this by deploying fraudulent web domains and sending deceptive notifications that are carefully designed to impersonate legitimate platforms and services. Once a victim unknowingly authorizes access, the attackers gain the ability to drain the wallet entirely — often leaving the victim with no recourse.
Scale of the Operation
The numbers uncovered during the operation underscore the breadth of these criminal networks:
- More than 20,000 compromised wallet addresses were identified, spanning victims across 30 different countries.
- Investigators proactively reached out to more than 3,000 individuals to alert them about active threats targeting their digital assets.
- Over 120 fraudulent web domains used to carry out cryptocurrency scams were taken offline as part of the enforcement action.
A Growing Global Threat
Operation Atlantic does not exist in isolation. It comes on the heels of a separate US announcement involving the seizure of more than $14 billion in bitcoin that had allegedly been obtained by a Cambodian crime ring through cryptocurrency scams — a figure that illustrates just how lucrative these schemes have become for organized criminal enterprises.
Beyond financially motivated criminal groups, state-sponsored actors have also turned to cryptocurrency theft as a funding mechanism. North Korean hackers, in particular, have drawn international attention for systematically stealing billions of dollars in digital assets to fund the isolated regime's weapons development programs. These actors represent a distinct and arguably more dangerous tier of the threat landscape, combining technical sophistication with geopolitical motivation.
Pig Butchering: A Fraud Model Built on Manipulation
Pig butchering scams — the broader category under which approval phishing often operates — typically begin with prolonged social engineering. Fraudsters cultivate trust with victims over weeks or months, often posing as romantic interests or investment advisors, before ultimately convincing them to invest in fraudulent cryptocurrency platforms. By the time victims realize something is wrong, their wallets have already been emptied.
The approval phishing variant is particularly insidious because it bypasses the need for victims to manually send funds. Instead, by granting what appears to be a routine permission request, victims hand over complete control of their wallets without understanding the consequences.
Takeaways for Cryptocurrency Users
Law enforcement agencies involved in Operation Atlantic have used the initiative not only as an enforcement action but also as a public awareness campaign. By directly contacting over 3,000 at-risk individuals and dismantling more than 120 malicious domains, the operation has a dual purpose: disrupting active fraud and educating potential future victims.
Security experts consistently advise cryptocurrency holders to be extremely cautious about any wallet permission requests, especially those originating from unsolicited messages or unfamiliar websites. Users should verify the legitimacy of any platform before granting token approvals, and should regularly audit wallet permissions using blockchain tools to revoke any access that is no longer needed or was granted inadvertently.
As digital assets continue to grow in value and mainstream adoption, the criminal ecosystem targeting crypto holders is likely to evolve alongside it — making coordinated international operations like Operation Atlantic an increasingly essential component of the global cybersecurity response.
Source: SecurityWeek