Skip to main content
Emerging ThreatsMalware & Ransomware

Authorities Disrupt $12m Crypto Scam Targeting 20,000 Victims

Person sitting at desk with paperwork, laptop, and phone showing suspicious transaction notification.

What happens when thousands of people click "approve" without fully understanding the consequence? For more than 20,000 crypto users across three countries, that single click appears to have been the difference between ownership and empty wallet.

What authorities uncovered

Operation Atlantic, a cross-border enforcement effort led by UK, US and Canadian authorities, has identified more than 20,000 victims of so-called approval phishing scams and seized roughly $12 million in crypto losses, according to official reporting. Authorities say these scams trick users into handing over full access to their crypto wallets by exploiting approval prompts.

How the scam works, in brief

Prosecutors and investigators describe the tactic as an approval phishing scheme: a deceptive interaction that convinces a wallet owner to grant permissions that effectively transfer control of the wallet. The result reported by authorities is widespread — over 20,000 identified victims — and large enough to prompt an international coordinated response that recovered approximately $12 million.

Why this matters — perspectives to consider

  • Technologists: Rapid growth and complexity in crypto tooling can create dangerous user experience pitfalls. When an interface allows a single approval to grant broad access, usability and security designs are implicated. The scale of identified victims suggests systemic user-interface or education failures that technologists will need to address.
  • Policymakers: The cross-border nature of the problem — spanning the UK, the US and Canada — underscores challenges for legal frameworks and international cooperation. Authorities mounting an operation that identified thousands of victims and seized millions highlights both the scope of the harm and the necessity for transnational investigative mechanisms.
  • Users: For individual crypto holders the episode is a stark reminder that a routine prompt can have outsized consequences. According to the authorities involved, these scams rely on tricking users into granting permissions that surrender full wallet access — a risk every user now faces.
  • Adversaries: The success of these schemes demonstrates that fraudsters can scale social-engineering attacks to affect tens of thousands of people, making low-cost, high-impact operations attractive to criminal networks. The seizure of funds in Operation Atlantic will complicate adversary incentives, but the identification of so many victims shows the model remains effective.

What this leaves us with

Operation Atlantic’s results — more than 20,000 victims identified and about $12 million seized — offer both a warning and a blueprint. The warning: common interface actions can be weaponized at scale. The blueprint: multinational coordination can trace, identify and recover assets. But recovery and identification are only part of the equation; preventing the next wave will require changes across product design, user education and international policy. If a single approval can empty a wallet, how many approvals are being clicked today without full comprehension?

https://www.infosecurity-magazine.com/news/operation-atlantic-seizes-12m/