Operation Atlantic: A proactive strike against evolving crypto scams
Crypto scams have become highly sophisticated cross-border operations that exploit advanced technology and human psychology. By the time victims become aware of the fraud, the stolen cryptocurrency is often rapidly dispersed across a chain of wallets and exchanges in multiple countries.
Operation Atlantic represents a coordinated international effort by law enforcement agencies from the US, the UK and Canada to counter this threat. Rather than limiting itself to post-incident investigations, the operation focuses on identifying, tracking and disrupting crypto scams while they are still in progress.
The initiative brings together key agencies, including the US Secret Service, the US Attorney’s Office for the District of Columbia, the Ontario Provincial Police, the Ontario Securities Commission, the Royal Canadian Mounted Police, the UK Financial Conduct Authority, the UK National Crime Agency and the City of London Police.
Contrary to conventional investigations that begin only after funds have been stolen, Operation Atlantic is structured to:
Identify victims who are at risk
Detect active scam infrastructure
Interrupt fraudulent transactions
Help recovery efforts where feasible
Officials have stressed that the primary objective is to disrupt scams in near real time, marking a significant shift toward faster, more proactive enforcement strategies.
Why approval phishing lies at the heart of Operation Atlantic
A particular form of fraud known as approval phishing lies at the center of Operation Atlantic. Rather than stealing private keys or seed phrases, attackers deceive users into signing what appear to be legitimate blockchain transactions.
These transactions grant scammers permission to spend tokens directly from a victim’s wallet. Once approval is given, the attacker gains the ability to:
Drain funds at any time
Avoid immediate detection
Combine the exploit with convincing social engineering narratives
This makes approval phishing particularly dangerous. Victims often remain unaware that anything is wrong until their assets begin disappearing.
Scammers frequently integrate this technique into larger scams, such as fake investment platforms or gradual trust-building schemes.
From investigation to intervention
The standout feature of Operation Atlantic is its emphasis on real-time disruption rather than post-event analysis.
This strategy rests on a straightforward idea: While crypto transactions are irreversible, they are also public and fully traceable.
By using blockchain analytics, authorities and private-sector partners can:
Detect suspicious wallet activity
Identify addresses linked to known scams
Track fund flows toward exchanges or liquidity pools
Alert platforms and investigators
Contact victims before their funds are completely drained
This model does not guarantee full recovery, but it opens a critical window during which meaningful intervention remains possible.
Did you know? The US Secret Service, originally established to combat currency counterfeiting in 1865, now tracks crypto fraud using blockchain analytics. It is one of the oldest agencies adapting to one of the newest financial systems.
Building on earlier initiatives
Operation Atlantic did not happen overnight. It builds upon earlier efforts such as Project Atlas, which was launched in 2024 by Canadian authorities in partnership with the US Secret Service to target crypto fraud networks.
It also draws on lessons from Operation Spincaster, an effort that involved blockchain analytics firms, exchanges and law enforcement agencies.
Spincaster demonstrated that coordinated action could deliver tangible results:
Thousands of scam-linked wallet leads identified
Significant losses mapped across jurisdictions
In some cases, victims were warned in time to revoke malicious approvals
These initiatives suggest that crypto fraud can be interrupted while it is still in progress.
What “real time” actually means
The concept of real-time disruption is sometimes misunderstood. It does not mean instant recovery or guaranteed prevention.
Instead, it operates across three stages:
Pre-loss prevention: spotting suspicious approvals before funds are moved
Mid-transaction disruption: flagging or freezing assets during transfers
Post-loss response: attempting recovery after funds have been dispersed
Operation Atlantic concentrates mainly on the first two stages, where intervention is still feasible.
Its success depends on how quickly data can be analyzed, shared and acted upon across borders and platforms.
Did you know? Approval phishing scams often exploit wallet permissions rather than passwords, which means victims technically authorize the theft themselves. This psychological twist makes these scams harder to detect than traditional hacking attempts.
Why scams now operate like organized networks
Approval phishing scams are generally not standalone events. They typically operate as structured networks with several interconnected parts:
Social engineering pipelines to attract victims
Fake interfaces or decentralized applications
Wallet approval mechanisms
Consolidation addresses used to pool stolen funds
Exchange off-ramps for cashing out
This layered setup allows scammers to scale their operations while reducing the likelihood of detection.
Operation Atlantic treats these scams as coordinated financial networks rather than isolated crimes, an approach that is central to its real-time disruption strategy.
The scale of the problem
The urgency behind Operation Atlantic stems from the enormous scale of crypto fraud.
Approval phishing alone has been linked to billions of dollars in losses in recent years, affecting thousands of victims across multiple jurisdictions.
Even more concerning is that many incidents go unreported, suggesting the true losses may be substantially higher.
Monthly figures also show that while overall exploit losses may vary, phishing attacks continue to rise, confirming that user-targeted scams remain one of the most persistent threats in crypto.
Did you know? Law enforcement agencies increasingly use blockchain clustering to map entire scam networks, sometimes revealing thousands of linked wallets behind a single fraud operation. This forensic technique groups related wallet addresses.
The role of public-private coordination
A key aspect of Operation Atlantic is the close partnership between law enforcement and private-sector organizations.
Each participant contributes in specific ways:
Blockchain analytics firms identify suspicious patterns and wallet clusters
Exchanges monitor inflows and flag deposits linked to scams
Stablecoin issuers may help freeze funds in targeted cases
Platforms and wallets can warn users or block malicious interactions
This level of coordination enables faster responses than conventional investigations, which often rely on slower legal procedures.
At the same time, it raises expectations for platforms to play a more active role in fraud detection.
The limits of real-time disruption
Despite its goals, Operation Atlantic faces several structural constraints:
Once funds are bridged or layered across multiple services, recovery becomes extremely difficult
User behavior remains a major vulnerability, particularly in social engineering scenarios
Cross-border legal processes can still delay enforcement actions
Wallet anonymity makes victim identification more complicated
In many cases, the most realistic outcome is preventing further losses rather than achieving full recovery of stolen assets.
What this means going forward
Operation Atlantic reflects a broader shift in how crypto-related crime is being tackled.
Rather than viewing fraud as a fixed, one-time event, authorities now treat it as a dynamic, ongoing process that can be monitored and disrupted while it is still in progress.
For users, this shift may result in:
More frequent warnings about suspicious transactions
Greater emphasis on understanding wallet permissions
Increased awareness of scam risks
For platforms, it could lead to:
Higher expectations for transaction monitoring
Deeper collaboration with law enforcement
Integration of real-time risk detection tools