‘Operation Atlantic’ Targets $45 Million in Stolen Crypto in Joint US-UK Crackdown
A coordinated international effort dubbed “Operation Atlantic” has led to the identification of roughly $45 million in stolen cryptocurrency and the freezing of $12 million in digital assets linked to large-scale fraud schemes, according to an announcement from participating agencies and firms.
The operation brought together major crypto exchanges such as Coinbase, Binance, and Kraken with law enforcement bodies including the United States Secret Service and the United Kingdom’s National Crime Agency (NCA). Their shared objective: trace illicit funds tied to widespread “approval phishing” scams and, wherever possible, return money to victims.
20,000 Victims Caught in Approval Phishing Schemes
Over the course of the investigation, more than 20,000 victims of approval phishing were identified. These scams typically trick users into signing malicious blockchain transactions that grant scammers permission to drain funds from wallets, often without the victims realizing what they have approved.
Unlike traditional phishing that steals login credentials, approval phishing exploits the way decentralized applications and smart contracts request permissions. Victims may believe they are authorizing a routine DeFi interaction, NFT mint, or token swap, when in reality they are giving attackers ongoing access to move tokens out of their wallets.
By analyzing on-chain data and exchange records, Operation Atlantic participants were able to link a significant number of these fraudulent approvals to common infrastructure, wallets, and cash-out patterns. This allowed them to map large fraud networks rather than treating each victim as an isolated incident.
Coinbase’s Role and the London “Operational Sprint”
Coinbase said its Global Intelligence team played a central role in the initiative, working closely with multiple international law enforcement agencies in what it described as a focused “operational sprint” hosted at the NCA’s headquarters in London.
According to Coinbase, the sprint had a clear three-part mandate:
1. Identify victims of approval phishing at scale.
2. Trace the path of the stolen assets across blockchains and through intermediaries.
3. Disrupt the technical and financial infrastructure enabling the fraud.
The firm’s analysts used blockchain analytics, transaction clustering, and exchange compliance data to follow stolen funds as they moved through mixers, cross-chain bridges, and intermediary wallets. Coordinating those insights with law enforcement gave agencies the evidence they needed to seek freezes and seizures across multiple jurisdictions.
Exchanges and Agencies Move to Freeze Funds
Through this coordinated work, approximately $45 million in suspicious funds was flagged as likely tied to fraud schemes. Of that, $12 million has already been frozen by compliant platforms, with the intention of returning assets to verified victims where legal frameworks permit.
The involvement of major centralized exchanges was critical. While a significant portion of approval phishing proceeds remains in self-custodied wallets or moves to harder-to-trace venues, criminals frequently attempt to cash out into fiat or more liquid assets via well-known exchanges. By flagging suspect wallets and imposing account restrictions, platforms like Coinbase, Binance, and Kraken helped choke off cash-out opportunities.
Law enforcement agencies, including the US Secret Service and the NCA, used these flags to support asset-freeze orders and, in some cases, to build broader cases against organized fraud groups operating across borders.
Why Approval Phishing Is So Dangerous
Approval phishing has become one of the fastest-growing forms of crypto crime for several reasons:
– It exploits user trust in familiar tools. Scammers often deploy lookalike websites or interfaces that mimic legitimate DeFi protocols, NFT marketplaces, or wallet apps.
– Permissions can be broad and long-lasting. An approval can give a smart contract ongoing access to move tokens without repeated confirmation from the user.
– Losses can be delayed. Attackers sometimes wait days or weeks before draining wallets, making it harder for victims to connect the theft to a specific transaction they signed.
– Revoking approvals is non-intuitive. Many users do not understand that they can (and often should) periodically revoke token approvals, and fewer still know how to check which contracts already have access.
Because approvals are transparent on-chain but often opaque to non-technical users in practice, criminals have found them an ideal vector to scale scams while maintaining a thin veneer of “consent.”
How Investigators Trace Stolen Crypto
Despite the perception that cryptocurrency is anonymous, most major blockchains are transparent and trackable. Operation Atlantic leaned heavily on that transparency.
Investigators typically follow a multi-step process:
1. Identify victim wallets and suspicious transactions. This can start with user reports, exchange flags, or anomaly detection tools.
2. Cluster related wallets. By analyzing transaction patterns, shared infrastructure, and behavioral signals, analysts group addresses likely controlled by the same entity.
3. Follow the money. Funds are tracked as they move through intermediary wallets, mixers, and cross-chain bridges.
4. Locate exit points. When illicit funds hit centralized exchanges or payment processors, those entities can be compelled or persuaded to freeze assets.
5. Link to real-world identities. Through KYC records, device fingerprints, and additional evidence, law enforcement may connect on-chain activity to individuals or organizations.
Operation Atlantic combined these methods with real-time intelligence sharing between crypto firms and government agencies, significantly reducing the time window in which scammers could safely move or cash out funds.
Implications for Victims: Can Funds Be Recovered?
The freezing of $12 million is a rare piece of good news in an environment where crypto theft usually results in permanent loss. However, asset recovery remains complex and far from guaranteed.
Several factors influence whether victims get their money back:
– Jurisdiction and legal process. Courts often must authorize the return of seized funds, which can be slow and contested.
– Proof of ownership. Victims must provide evidence that the stolen funds belong to them, particularly when multiple parties are affected.
– Asset fragmentation. Stolen funds may be split across many wallets or converted into other tokens, complicating restitution.
– Operational priorities. Law enforcement may focus first on disrupting active criminal networks rather than individual reimbursements.
Operation Atlantic’s participants have emphasized their intention to return frozen funds “where possible,” but they have also acknowledged that not all victims will be made whole. Even so, the initiative signals a shift toward more proactive, coordinated recovery efforts in the crypto sector.
A Template for Future Cross-Border Crypto Enforcement
Operation Atlantic highlights how cooperation between the private and public sectors is becoming essential for tackling crypto crime. No single exchange or agency has full visibility into complex, multi-chain fraud networks, but shared intelligence can significantly increase the impact of enforcement actions.
This model of collaboration may become more common, particularly as regulators call for stronger consumer protections and more robust anti-money-laundering controls in digital asset markets. Joint task forces, intelligence hubs, and rapid-response “sprints” like the one held in London are likely to be replicated in other regions.
For crypto businesses, participation in such operations can also be a way to demonstrate compliance seriousness, improve relationships with regulators, and build user trust at a time when security concerns remain a major barrier to mainstream adoption.
What Crypto Users Can Do to Protect Themselves
While large-scale operations help limit damage and deter criminals, individual users remain the first line of defense against approval phishing and related scams. Several practical steps can reduce risk substantially:
– Scrutinize every approval. Before signing any transaction, especially one that grants token approvals, carefully read the prompts and double-check the contract address.
– Use official apps and URLs only. Access DeFi protocols, NFT platforms, and wallets from verified sources, and bookmark them rather than following random links.
– Regularly review token approvals. Use wallet tools or blockchain explorers that allow you to see which contracts have spending permission and revoke unnecessary approvals.
– Segment your funds. Keep only limited amounts in hot wallets used for experimentation or DeFi activities, and store larger sums in more secure setups.
– Be wary of urgency and “too good to be true” offers. Many phishing campaigns rely on manufactured urgency or unrealistic returns to push users into careless clicks.
These habits do not make users immune, but they significantly reduce the likelihood of falling victim to automated, large-scale fraud campaigns of the kind targeted in Operation Atlantic.
The Broader Impact on Crypto’s Reputation
Large fraud cases and phishing waves have repeatedly damaged public perception of the crypto industry, reinforcing narratives that digital assets are inherently unsafe or lawless. Initiatives like Operation Atlantic push back against that image by showing that both industry and law enforcement are capable of meaningful action.
If this level of coordination becomes routine, it could influence regulatory debates, giving policymakers more confidence that abuses can be controlled without completely stifling innovation. For legitimate projects and users, a more hostile environment for scammers ultimately supports more sustainable growth.
However, the success of such operations also raises expectations. As tools improve for tracing funds and freezing assets, regulators may demand faster, more consistent responses to new incidents. Exchanges and service providers will face increasing pressure to detect suspicious activity early, invest in analytics, and maintain robust compliance teams.
A Turning Point in the Fight Against Crypto Fraud?
Operation Atlantic does not eliminate approval phishing or broader crypto crime, but it marks a notable escalation in how seriously these threats are being addressed. Coordinated freezes of millions in stolen funds send a clear signal to fraudsters that the era of easy cash-outs is diminishing.
For now, the initiative stands as a proof of concept: by merging the technical expertise of leading crypto firms with the legal authority and investigative power of government agencies, it is possible to materially disrupt large-scale fraud, identify thousands of victims, and recover at least a portion of what was stolen.
Whether this becomes a one-off headline or the start of a sustained enforcement model will depend on how consistently the involved parties-and others across the industry-keep investing in shared intelligence, rapid coordination, and user education. What is increasingly clear is that the future of crypto security will be shaped as much by collaboration and governance as by code.