The US, UK, and Canada Just Launched a Joint Operation to Stop Crypto Approval Phishing in Real Time

Three governments decided the best way to fight crypto fraud is to stop pretending borders matter. On March 16, the US Secret Service, the UK's National Crime Agency, and Canada's Ontario Provincial Police launched Operation Atlantic, a joint initiative targeting "approval phishing," the mechanism behind most crypto investment scams running today.

The operation runs for a week with a specific mandate: identify compromised wallets, contact victims before they lose more, and disrupt active scam operations in near real-time.

$17 Billion Stolen Last Year, and One Trick Drives Most of It

Approval phishing is straightforward. A victim receives a pop-up or alert that appears to come from a legitimate wallet service or DeFi protocol. It asks the user to approve a transaction or grant wallet permissions. The moment that approval goes through, the attacker has full control of the wallet and can drain it in an irreversible blockchain transaction.

The scam frequently arrives wrapped in a "pig butchering" setup, where criminals build fake romantic relationships online over weeks or months before steering the victim toward a fraudulent investment platform. By the time the approval phishing trigger fires, the victim already trusts the person on the other end.

Chainalysis estimates that at least $17 billion was stolen through crypto crimes in 2025, with approval phishing and investment fraud driving a significant share. The number was originally tracked at $14 billion in on-chain activity before being revised upward toward $17 billion as more wallet flows were identified.

Who Is Running Operation Atlantic

The co-hosts are the US Secret Service, UK National Crime Agency, Ontario Provincial Police, and the Ontario Securities Commission. But the full roster is wider:

United States: Secret Service, US Attorney's Office for the District of Columbia
United Kingdom: National Crime Agency, City of London Police, Financial Conduct Authority
Canada: Ontario Provincial Police, Ontario Securities Commission, Royal Canadian Mounted Police

"Approval phishing and investment scams cost victims millions in financial loss each year," said Brent Daniels, Deputy Assistant Director at the US Secret Service. The operation will "identify and disrupt these scams in near real-time."

Paul Foster, Deputy Director of Cyber at the UK National Crime Agency, was blunter: "Criminals operate across borders, so our response must do the same."

The agencies are also working with unnamed "private industry partners," which likely includes blockchain analytics firms and exchanges that can flag or freeze suspicious wallets.

The Predecessor Found 2,000 Compromised Wallets Across 14 Countries

Operation Atlantic builds on Project Atlas, a 2024 Canadian-led operation that targeted international crypto investment fraud networks. The results from Atlas give some scale to what Atlantic is aiming for:

Over 2,000 compromised wallets identified across 14 countries
Approximately $70 million in potential fraud disrupted
About $24 million in stolen cryptocurrency frozen

A separate initiative, Operation Spincaster, generated more than 7,000 investigative leads tied to roughly $162 million in losses.

The US Department of Justice also launched an interagency Scam Center Strike Force in November 2025, specifically targeting pig butchering scams linked to organized crime networks. Operation Atlantic appears to be the international extension of that domestic effort.

What Victims Should Do Right Now

If you have ever approved a transaction you did not fully understand, or granted wallet permissions to a service you cannot verify, the three agencies have set up dedicated resources:

US: secretservice.gov/OperationAtlantic
UK: nationalcrimeagency.gov.uk/news/operation-atlantic
Canada: opp.ca/atlas and getsmarteraboutmoney.ca

The practical steps are the same regardless of country: revoke any token approvals you do not recognize (tools like Revoke.cash or Etherscan's token approval checker work for EVM chains), move remaining funds to a fresh wallet, and report the incident through the appropriate national portal.

For users holding crypto on self-custody wallets, the approval phishing vector is particularly relevant. Custodial exchanges handle permissions internally, but self-custody means every approval decision sits with the user. Revoking stale approvals periodically is basic wallet hygiene that most users skip.

The Bigger Pattern

This is the third major cross-border crypto enforcement coordination in 18 months. The trend is clear: individual countries cannot trace, freeze, or recover crypto assets alone because the infrastructure is global. The UK's FCA, America's Secret Service, and Canada's securities regulators each have jurisdiction over different pieces of the same fraud chain.

BTC trades at $74,300 and ETH at $2,326 as of March 17, 2026, with the broader market in neutral territory (Fear & Greed index at 44). The market has not reacted to Operation Atlantic specifically, which is expected. Enforcement actions that protect users rather than restrict protocols tend not to move prices.

The real test is whether Atlantic can match or exceed Atlas's $24 million freeze. With $17 billion stolen last year and approval phishing still the dominant attack vector, the agencies have no shortage of targets.

Overview

The US Secret Service, UK National Crime Agency, and Canadian law enforcement launched Operation Atlantic on March 16, a week-long joint initiative to disrupt crypto approval phishing scams in real time. The operation builds on Project Atlas, which identified 2,000 compromised wallets across 14 countries and froze $24 million. Chainalysis estimates $17 billion was stolen in crypto crimes in 2025, with approval phishing and pig butchering schemes driving much of the losses. Victims can check dedicated portals from all three countries, and all crypto users should audit and revoke stale token approvals.