US, UK and Canadian authorities ran a joint enforcement operation against crypto phishing scams in March 2026. Operation Atlantic froze more than $12 million in criminal proceeds and identified over 20,000 victims across three countries.
What approval phishing actually does
Regular phishing asks you to send funds. Approval phishing is different. Scammers trick users into signing a malicious permission, which then gives attackers access to specific tokens inside the victim's crypto wallet - drainable at any time after signing.
The victim never sends anything directly. They just approve a transaction - without realizing what they just authorized. This makes it particularly dangerous for experienced DeFi users who routinely sign wallet requests without reading every detail.
The numbers behind the operation
Investigators identified more than $45 million stolen across crypto fraud schemes. The $12 million frozen represents assets that authorities could seize during the March operation. Over 20,000 victims were identified in the US, Canada and the UK combined.
How Binance helped the investigation
Binance's Special Investigations team worked from NCA's London office during the operation. They ran live account screening, shared scam intelligence and identified phishing websites that were still actively defrauding victims at the time.
No funds were frozen on Binance accounts. The exchange's role was purely analytical. Blockchain transparency made it possible to trace asset flows and connect them to real seizure targets in other networks.
Why private-public cooperation matters
NCA Deputy Director Miles Bonfield called Operation Atlantic a model for what law enforcement and private industry can achieve together. For the crypto sector, this is one more data point showing exchanges are becoming routine partners in criminal investigations.
Approval phishing is one of the most damaging attack types in DeFi. Binance's Flavio Tonon noted that blockchain transparency makes it harder for criminals to escape consequences. The attack itself, though, remains simple to execute - and effective against users who do not read what they are signing.
Public-private enforcement as a new standard
Operation Atlantic is not the first case where a crypto exchange served as an active law enforcement partner. This collaboration model is becoming an industry norm. The next step is prevention: detecting malicious approval contracts before victims sign them.
Comments
Your email address will not be published. Required fields are marked *