Skip to main content
Sign in
Operation Atlantic Approval Phishing Network1 decision on this page

Audit log

Every state-changing event for Operation Atlantic Approval Phishing Network: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-06-15 12:07:17Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 426,630,988
    sig
    dxZdSFbH8oFw…KV6oQrejexplorer ↗
    hash
    CM7ZJBPN14wc…hTtSTomCsha256 → base58
    verifying row…full verify ↗
    canonical bytes (20093 B) ▸
    {"actor":"system:backfill","investigation_id":"15cc426f-104d-48d3-a394-8ba269b3e8e5","kind":"publish","page_slug":"operation-atlantic-approval-phishing-network","published_at":"2026-06-15T12:07:17.743Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Operation Atlantic Approval Phishing Network","sections":[{"content":"Operation Atlantic was a coordinated multinational law enforcement initiative targeting cryptocurrency approval phishing fraud networks. The operation ran for approximately one week in late March and early April 2026 and was co-hosted by four agencies: the U.S. Secret Service, the UK National Crime Agency (NCA), the Ontario Provincial Police (OPP), and the Ontario Securities Commission (OSC). Additional participating agencies included the Royal Canadian Mounted Police (RCMP), the City of London Police, the U.S. Attorney's Office for the District of Columbia, and the UK Financial Conduct Authority (FCA). Investigators operated out of coordination hubs in Washington D.C., San Francisco, Canada, and England, enabling near real-time tracking and disruption of active fraud schemes. The operation was publicly announced in two phases: a launch announcement on March 16, 2026, and a results announcement on April 9, 2026.","heading":"Operation Overview","severity":"low","sources":[{"credibility":1,"name":"U.S. Secret Service: International Law Enforcement Operation Seeks to Disrupt Crypto Fraud (March 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/03/international-law-enforcement-operation-seeks-disrupt-crypto-fraud"},{"credibility":1,"name":"U.S. Secret Service: Operation Atlantic Disrupts More Than $45 Million in Cryptocurrency Fraud (April 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/04/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes"},{"credibility":2,"name":"CoinDesk: U.S., UK, Canada Start Operation Atlantic to Disrupt Crypto Approval-Phishing Scams","type":"news_article","url":"https://www.coindesk.com/business/2026/03/16/u-s-uk-canada-start-operation-atlantic-to-disrupt-crypto-approval-phishing-scams"}]},{"content":"Approval phishing is a fraud technique that exploits the ERC-20 token standard's `approve()` function. Rather than stealing a victim's private keys, attackers manipulate victims into signing a blockchain transaction that grants the attacker's wallet address permission to spend specific tokens held in the victim's wallet. The scam typically unfolds in three steps: scammers deploy fake decentralized finance (DeFi) interfaces, airdrop claim pages, or fraudulent pop-up advertisements; the victim connects their wallet and is presented with an approval prompt that appears legitimate; and once signed, the attacker gains unlimited spending permission over one or more token types and can drain the wallet at any time. A newer variant known as permit signature phishing is considered harder to detect. In this method, the victim signs an off-chain message rather than submitting an on-chain transaction, meaning the authorization never appears in the victim's transaction history. The attacker later submits the signed permit to execute the transfer, causing tokens to disappear without any visible record of the approval event. Approval phishing is frequently the technical endgame of pig butchering scams, in which fraudsters build trust with victims over weeks or months before directing them to a fraudulent platform where the phishing approval is obtained. According to Chainalysis data cited in the Phemex analysis of Operation Atlantic, approval phishing losses exceeded $1 billion across 2024 and 2025 combined, and Chainalysis had previously reported $2.7 billion stolen via approval phishing between May 2021 and July 2024.","heading":"Target Crime: Approval Phishing","severity":"critical","sources":[{"credibility":2,"name":"Phemex: Operation Atlantic Approval Phishing Explained","type":"research","url":"https://phemex.com/blogs/operation-atlantic-approval-phishing-explained"},{"credibility":2,"name":"CoinTelegraph: US, UK, Canada Enforcement Operation Crypto Fraud","type":"news_article","url":"https://cointelegraph.com/news/us-uk-canada-enforcement-operation-crypto-fraud"},{"credibility":2,"name":"Chainalysis: Operation Atlantic — Freezing Crypto Scam Proceeds","type":"research","url":"https://www.chainalysis.com/blog/operation-atlantic-freezing-crypto-scam-proceeds/"}]},{"content":"According to the U.S. Secret Service's April 9, 2026 results announcement, Operation Atlantic produced the following outcomes: $12 million in stolen cryptocurrency was frozen for potential restitution to victims; a further $33 million suspected of fraud linkage was identified for continued investigation, bringing total identified fraud to $45 million; more than 20,000 cryptocurrency wallet addresses linked to fraud victims were identified; more than 3,000 account holders were directly contacted and warned by law enforcement analysts; over 120 web domains used by scammers were disrupted; and fraud victims were located in more than 30 countries. Investigators tracked cryptocurrency transactions in near real-time and contacted affected wallet holders to educate them about the scam and to assist them in revoking unauthorized spending permissions. One specific victim case cited in reporting involved a UK resident who lost approximately 52,000 GBP through a single approval phishing transaction. No public announcement of criminal arrests, indictments, or named defendants was made in connection with this operation. The stated mandate focused on disruption, asset freezing, and victim outreach rather than prosecution.","heading":"Operational Results and Scope","severity":"high","sources":[{"credibility":1,"name":"U.S. Secret Service: Operation Atlantic Disrupts More Than $45 Million in Cryptocurrency Fraud (April 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/04/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes"},{"credibility":1,"name":"U.S. Secret Service Behind the Shades: Multi-National Operation Atlantic Targets Approval Phishing","type":"regulatory","url":"https://www.secretservice.gov/newsroom/behind-the-shades/2026/04/multi-national-operation-atlantic-targets-approval-phishing"},{"credibility":2,"name":"Phemex: Operation Atlantic Approval Phishing Explained","type":"research","url":"https://phemex.com/blogs/operation-atlantic-approval-phishing-explained"}]},{"content":"Operation Atlantic was co-hosted by four agencies across three countries. The following officials were publicly named in connection with the operation. From the U.S. Secret Service: Brent Daniels, identified in the March launch announcement as Deputy Assistant Director of the Office of Field Operations, and identified in the April results announcement as Assistant Director of the Office of Field Operations. From the UK National Crime Agency: Paul Foster, Deputy Director of Cyber, named in the March announcement; and Miles Bonfield, Deputy Director of Investigations, named in the April announcement. From the Ontario Securities Commission: Bonnie Lysyk, Executive Vice President of Enforcement. From the Ontario Provincial Police: Jennifer Spurrell, Detective Superintendent and Director of the Financial Crimes Services Bureau. The City of London Police, the Royal Canadian Mounted Police, the UK Financial Conduct Authority, and the U.S. Attorney's Office for the District of Columbia also participated. The Ontario Securities Commission independently published its own press release confirming participation.","heading":"Participating Agencies and Key Officials","severity":"low","sources":[{"credibility":1,"name":"U.S. Secret Service: Operation Atlantic Results Announcement (April 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/04/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes"},{"credibility":1,"name":"Ontario Securities Commission: International Law Enforcement Operation Seeks to Disrupt Crypto Fraud","type":"regulatory","url":"https://www.osc.ca/en/news-events/news/international-law-enforcement-operation-seeks-disrupt-crypto-fraud"}]},{"content":"Operation Atlantic builds directly on two prior enforcement initiatives that established the cross-border cooperation frameworks and blockchain forensics capabilities deployed in the 2026 operation. Project Atlas, launched in 2024 by the Ontario Provincial Police in partnership with the U.S. Secret Service, targeted global crypto investment fraud and identified over 2,000 compromised wallet addresses across 14 countries, disrupted approximately $70 million in potential fraud, and froze approximately $24 million in stolen cryptocurrency. Operation Spincaster, also conducted in 2024 and involving Chainalysis as an analytic partner, generated more than 7,000 investigative leads tied to approximately $162 million in losses from approval phishing schemes. Operation Atlantic is described by participating agencies and analysts as a scaling and expansion of these prior efforts, applying the same real-time blockchain analytics methodology across a broader international coalition. Chainalysis has been publicly identified as an on-chain analytics partner in reporting on Operation Atlantic, consistent with its role in predecessor operations.","heading":"Predecessor Operations and Institutional Context","severity":"low","sources":[{"credibility":2,"name":"CoinTelegraph: Inside Operation Atlantic's Push to Disrupt Crypto Scams in Real Time","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:244d0ccea094b:0-how-operation-atlantic-aims-to-disrupt-crypto-scam-networks-in-real-time/"},{"credibility":2,"name":"Crypto Times: Operation Atlantic — US, UK, Canada Moves to Target Crypto Scams","type":"news_article","url":"https://www.cryptotimes.io/2026/03/16/operation-atlantic-us-uk-canada-moves-to-target-crypto-scams/"},{"credibility":2,"name":"CoinDesk: U.S., UK, Canada Start Operation Atlantic","type":"news_article","url":"https://www.coindesk.com/business/2026/03/16/u-s-uk-canada-start-operation-atlantic-to-disrupt-crypto-approval-phishing-scams"}]},{"content":"Operation Atlantic took place against a backdrop of escalating cryptocurrency scam activity. Chainalysis data indicates that crypto scams generated at least $14 billion in on-chain revenue in 2025, with projections toward $17 billion as more illicit wallets are identified. According to the 2026 Crypto Crime Report cited in reporting on Operation Atlantic, approval phishing losses alone exceeded $1 billion across 2024 and 2025 combined, with approximately $300 million in phishing losses recorded in January 2026 alone. Criminals have increasingly incorporated social engineering, AI-generated content, and phishing-as-a-service platforms to scale these operations. The $45 million identified by Operation Atlantic, while significant as a targeted enforcement action, represents a fraction of the total global approval phishing loss landscape.","heading":"Broader Fraud Landscape","severity":"high","sources":[{"credibility":2,"name":"Phemex: Operation Atlantic Approval Phishing Explained","type":"research","url":"https://phemex.com/blogs/operation-atlantic-approval-phishing-explained"},{"credibility":2,"name":"Chainalysis: Operation Atlantic — Freezing Crypto Scam Proceeds","type":"research","url":"https://www.chainalysis.com/blog/operation-atlantic-freezing-crypto-scam-proceeds/"},{"credibility":2,"name":"Crypto Times: 2026 Pig Butchering Reckoning","type":"news_article","url":"https://www.cryptotimes.io/2026/05/05/2026-pig-butchering-crypto-scam-crackdowns/"}]},{"content":"As part of Operation Atlantic's stated disruption strategy, law enforcement analysts directly contacted more than 3,000 identified victims to warn them about compromised wallet permissions and guide them through remediation steps. Publicly documented guidance includes the use of Revoke.cash, a tool that allows users to review and revoke active token approvals on their wallets. Agencies recommended this as a regular practice for any user who has interacted with DeFi protocols or connected their wallet to third-party services. Victims who believe they may have been affected by approval phishing are advised to review wallet permissions immediately, revoke any unknown or suspicious allowances, and report incidents to relevant national agencies. In the United States, relevant reporting channels include the Secret Service and the FBI's Internet Crime Complaint Center (IC3). In the UK, reports can be directed to the National Crime Agency and Action Fraud.","heading":"Victim Protection and Remediation Guidance","severity":"medium","sources":[{"credibility":1,"name":"U.S. Secret Service: Operation Atlantic Results Announcement (April 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/04/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes"},{"credibility":2,"name":"Phemex: Operation Atlantic Approval Phishing Explained","type":"research","url":"https://phemex.com/blogs/operation-atlantic-approval-phishing-explained"}]}],"sources_used":[{"credibility":1,"name":"U.S. Secret Service: International Law Enforcement Operation Seeks to Disrupt Crypto Fraud (March 16, 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/03/international-law-enforcement-operation-seeks-disrupt-crypto-fraud"},{"credibility":1,"name":"U.S. Secret Service: Operation Atlantic Disrupts More Than $45 Million in Cryptocurrency Fraud, Freezes $12 Million in Stolen Funds (April 9, 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/releases/2026/04/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes"},{"credibility":1,"name":"U.S. Secret Service Behind the Shades: Multi-National Operation Atlantic Targets Approval Phishing (April 2026)","type":"regulatory","url":"https://www.secretservice.gov/newsroom/behind-the-shades/2026/04/multi-national-operation-atlantic-targets-approval-phishing"},{"credibility":1,"name":"Ontario Securities Commission: International Law Enforcement Operation Seeks to Disrupt Crypto Fraud","type":"regulatory","url":"https://www.osc.ca/en/news-events/news/international-law-enforcement-operation-seeks-disrupt-crypto-fraud"},{"credibility":2,"name":"CoinDesk: U.S., UK, Canada Start Operation Atlantic to Disrupt Crypto Approval-Phishing Scams (March 16, 2026)","type":"news_article","url":"https://www.coindesk.com/business/2026/03/16/u-s-uk-canada-start-operation-atlantic-to-disrupt-crypto-approval-phishing-scams"},{"credibility":2,"name":"CoinTelegraph: US, UK, Canada Launch Joint Operation Targeting Crypto Fraud","type":"news_article","url":"https://cointelegraph.com/news/us-uk-canada-enforcement-operation-crypto-fraud"},{"credibility":2,"name":"Chainalysis: Operation Atlantic — Freezing Crypto Scam Proceeds","type":"research","url":"https://www.chainalysis.com/blog/operation-atlantic-freezing-crypto-scam-proceeds/"},{"credibility":2,"name":"Phemex: Operation Atlantic Approval Phishing Explained","type":"research","url":"https://phemex.com/blogs/operation-atlantic-approval-phishing-explained"},{"credibility":2,"name":"Crypto Times: Operation Atlantic — US, UK, Canada Moves to Target Crypto Scams (March 16, 2026)","type":"news_article","url":"https://www.cryptotimes.io/2026/03/16/operation-atlantic-us-uk-canada-moves-to-target-crypto-scams/"},{"credibility":2,"name":"Crypto Times: NCA Operation Atlantic Freezes $12M in Crypto Scam Cases","type":"news_article","url":"https://www.cryptotimes.io/2026/04/09/nca-operation-atlantic-freezes-12m-in-crypto-scam-cases/"},{"credibility":2,"name":"Crypto Times: 2026 Pig Butchering Reckoning — Inside the Year's Biggest Crypto Scam Crackdowns","type":"news_article","url":"https://www.cryptotimes.io/2026/05/05/2026-pig-butchering-crypto-scam-crackdowns/"},{"credibility":2,"name":"CoinTelegraph via TradingView: Inside Operation Atlantic's Push to Disrupt Crypto Scams in Real Time","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:244d0ccea094b:0-how-operation-atlantic-aims-to-disrupt-crypto-scam-networks-in-real-time/"}],"summary":"Operation Atlantic was a week-long multinational law enforcement operation conducted in late March and early April 2026, co-hosted by the U.S. Secret Service, the UK National Crime Agency, the Ontario Provincial Police, and the Ontario Securities Commission. The operation targeted cryptocurrency approval phishing fraud networks spanning more than 30 countries, resulting in $12 million in stolen funds frozen, over 20,000 compromised wallet addresses identified, 120 scam domains disrupted, and $45 million in total fraud identified. No criminal arrests or indictments were publicly announced as part of this operation; its primary mandate was disruption, victim outreach, and asset freezing.","timeline":[{"date":"2024-01-01","event":"Project Atlas launched by the Ontario Provincial Police and U.S. Secret Service, identifying 2,000+ compromised wallets across 14 countries and freezing approximately $24 million in stolen cryptocurrency.","source":"CoinTelegraph / Crypto Times","source_url":"https://www.cryptotimes.io/2026/03/16/operation-atlantic-us-uk-canada-moves-to-target-crypto-scams/"},{"date":"2024-01-01","event":"Operation Spincaster conducted with Chainalysis as analytic partner, generating 7,000+ investigative leads tied to approximately $162 million in approval phishing losses.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/03/16/u-s-uk-canada-start-operation-atlantic-to-disrupt-crypto-approval-phishing-scams"},{"date":"2026-03-16","event":"U.S. Secret Service, UK NCA, Ontario Provincial Police, and Ontario Securities Commission publicly announced the launch of Operation Atlantic, a multinational operation targeting cryptocurrency approval phishing fraud.","source":"U.S. Secret Service Press Release","source_url":"https://www.secretservice.gov/newsroom/releases/2026/03/international-law-enforcement-operation-seeks-disrupt-crypto-fraud"},{"date":"2026-03-16","event":"CoinDesk, CoinTelegraph, and other crypto news outlets report on the Operation Atlantic launch, providing public awareness of the operation's scope and target crime.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/03/16/u-s-uk-canada-start-operation-atlantic-to-disrupt-crypto-approval-phishing-scams"},{"date":"2026-03-16","event":"Ontario Securities Commission independently confirms participation in Operation Atlantic via its own press release.","source":"Ontario Securities Commission","source_url":"https://www.osc.ca/en/news-events/news/international-law-enforcement-operation-seeks-disrupt-crypto-fraud"},{"date":"2026-04-01","event":"Week-long operational phase of Operation Atlantic concludes after running from late March through early April 2026, spanning investigative activity across 30+ countries.","source":"Phemex Blog","source_url":"https://phemex.com/blogs/operation-atlantic-approval-phishing-explained"},{"date":"2026-04-09","event":"U.S. Secret Service publishes results announcement: $12 million frozen, $45 million in total fraud identified, 20,000+ wallets flagged, 3,000+ victims contacted, 120+ scam domains disrupted.","source":"U.S. Secret Service Press Release","source_url":"https://www.secretservice.gov/newsroom/releases/2026/04/operation-atlantic-disrupts-more-45-million-cryptocurrency-fraud-freezes"},{"date":"2026-04-09","event":"U.S. Secret Service publishes Behind the Shades feature article providing additional technical detail on the approval phishing methodology and the operation's near real-time disruption approach.","source":"U.S. Secret Service Behind the Shades","source_url":"https://www.secretservice.gov/newsroom/behind-the-shades/2026/04/multi-national-operation-atlantic-targets-approval-phishing"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 12d97eb5-3b78-4112-857a-03dd866ade87
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.