‘Operation Atlantic’ Unites Exchanges and Law Enforcement to Hunt Down Stolen Crypto
A major cross-border crackdown on crypto crime has identified tens of millions of dollars in stolen digital assets and frozen a substantial portion of them, marking one of the most coordinated efforts yet between exchanges and law enforcement.
Under an initiative dubbed “Operation Atlantic,” leading crypto platforms such as Coinbase, Binance, and Kraken worked side by side with agencies including the United States Secret Service and the United Kingdom’s National Crime Agency (NCA). Together, they tracked roughly $45 million in funds linked to large-scale crypto fraud schemes and managed to freeze about $12 million, with the aim of returning those assets to victims.
The probe zeroed in on so‑called “approval phishing” scams-a fast-growing category of fraud in which attackers trick users into granting malicious permissions on their crypto wallets. More than 20,000 victims were identified during the investigation, according to those involved in the operation.
Coinbase said its Global Intelligence team spearheaded a targeted effort with international law enforcement partners, gathering at the NCA’s London headquarters for an intensive, time-bound push. The mission was, in their words, simple but urgent: find the victims, follow the stolen money across blockchains, and disrupt the networks and infrastructure that allow approval phishing to thrive-before more assets could be laundered or cashed out.
While only a fraction of the flagged $45 million has been locked down so far, participants in Operation Atlantic frame the results as a proof of concept: with aligned incentives, data sharing, and rapid response, it is possible to trace complex fraud schemes that cross borders and chains-and to intervene in time to save at least part of the stolen funds.
How Approval Phishing Works
Approval phishing takes advantage of how modern crypto wallets and decentralized applications manage permissions. Instead of stealing passwords or seed phrases outright, scammers aim to get users to “approve” access that looks legitimate but in reality hands over control of their tokens.
Typically, victims are funneled to a fake website or dApp that closely imitates a well-known platform, NFT marketplace, or DeFi protocol. When they connect their wallet and sign a transaction, they believe they are performing a routine action-like staking tokens or claiming a reward. In fact, they are authorizing an unlimited spending allowance or a transfer that lets the attacker drain their assets over time.
Because these approvals are technically “consented to” on‑chain, reversing them is not straightforward. That makes timely detection and coordinated intervention from exchanges and authorities crucial if funds are to be frozen before they move through mixers, cross-chain bridges, or obscure trading pairs and become far harder to trace.
Why Exchanges Are Central to the Crackdown
Although crypto was designed to be peer‑to‑peer, centralized exchanges remain choke points in the ecosystem. Many scammers ultimately attempt to cash out their profits on large platforms with deep liquidity, where stolen assets can be swapped for stablecoins or fiat currency.
Operation Atlantic leaned on this reality. Armed with blockchain intelligence-the transaction graphs, wallet clustering, and risk scoring that analytics teams use-exchanges could flag specific addresses and transaction patterns linked to the approval phishing rings. When suspicious funds hit their platforms, they were ready to either block withdrawals or freeze accounts, preserving assets while the legal process unfolded.
This approach highlights a shift in how exchanges view their role. Rather than merely complying with one-off legal requests, they are increasingly embedded in proactive investigations, using their own compliance and data teams as front‑line defenses against large‑scale fraud.
Cross-Border Cooperation Becomes the Default
The involvement of both the US Secret Service and the UK’s NCA underscores how borderless crypto crime has become-and how jurisdictions are adapting. Criminals often move funds through wallets, services, and exchange accounts spread across multiple countries in an attempt to exploit differences in regulation and enforcement.
By coordinating in a concentrated “sprint” hosted in London, investigators could shorten the usual lag between identifying suspicious flow on-chain and acting on it. Instead of waiting weeks for formal requests and responses, agencies and companies worked side by side, rapidly sharing intelligence, mapping out the fraud networks, and aligning next steps in near real-time.
This operational model-intensive, collaborative, and data-driven-may become a template for future efforts that target other types of crypto-enabled crime, from ransomware to investment scams and romance fraud.
What the Numbers Reveal About Crypto Fraud
The headline figures from Operation Atlantic-$45 million in suspected stolen funds, $12 million frozen, over 20,000 victims-illustrate both the scale of the problem and the difficulty of catching every stolen dollar.
The gap between identified and frozen funds reflects how quickly scammers can move assets once they gain control. Many will route stolen tokens through multiple wallets, swap them across chains, convert them into privacy-focused currencies, or use sophisticated mixing services. Every hop adds complexity to the investigative trail.
At the same time, recovering even a subset of funds for thousands of victims is a significant achievement in a space where people often assume that once crypto is gone, it is gone forever. The operation demonstrates that blockchains, which publicly record every transaction, can be turned from a tool of criminals into a weapon against them-if the right expertise and cooperation are in place.
Implications for Everyday Crypto Users
For individual investors and traders, Operation Atlantic sends two clear messages. First, law enforcement and exchanges are becoming much more capable of tracing illicit activity. Second, prevention is still the best defense-because even a successful investigation may only recover part of what was taken.
Users need to understand that a wallet signature is not a harmless click. Approving a smart contract can grant it far-reaching powers over your assets. Before signing anything:
– Double‑check the website address and ensure it matches the official domain of the service you intend to use.
– Verify dApps and token contracts directly from your wallet interface or a known directory, not through random links.
– Use hardware wallets and set spending limits wherever possible to reduce the impact of a compromised approval.
– Regularly review and revoke unnecessary or suspicious approvals using your wallet’s permissions tools.
Operation Atlantic also underscores the value of choosing reputable platforms. Exchanges with strong compliance and security teams are better positioned to detect abnormal behavior and cooperate with authorities if something goes wrong.
How Investigators Track Stolen Crypto
Behind the scenes, Operation Atlantic relied on advanced blockchain forensics. Investigators combined on-chain data with off-chain information such as IP addresses, device fingerprints, KYC records from exchanges, and open-source intelligence.
Clusters of addresses linked to the same fraud operation can be identified by patterns: repeated use of specific smart contracts, timing of transactions, or routing through known “hot” wallets and services. Once a cluster is tagged as malicious, its entire network of transaction counterparts comes under scrutiny.
This kind of analytics is labor-intensive but increasingly augmented by automated tools and machine learning, enabling teams to flag suspicious activity much faster than in the early days of crypto. The presence of exchanges like Coinbase, Binance, and Kraken in Operation Atlantic ensured that on-chain clues could be quickly correlated with real-world account data, where legal frameworks allow.
The Regulatory and Policy Angle
Operations like this also feed into ongoing debates around crypto regulation. Policymakers often argue that digital assets facilitate crime, while industry advocates highlight transparent ledgers and traceability. Operation Atlantic provides concrete evidence for both sides.
On one hand, the sheer number of victims and the size of the stolen sums underline the need for robust consumer protection, clear rules on platform responsibilities, and education campaigns. On the other hand, the ability to follow the money so precisely, freeze assets, and assist victims demonstrates that crypto is far from a lawless frontier.
In practice, this is likely to accelerate efforts to formalize standards for information sharing between private companies and public agencies, define thresholds for mandatory reporting of suspicious activity, and harmonize rules across jurisdictions to prevent regulatory arbitrage.
What Comes Next for Operation Atlantic
Although public statements have focused on the initial sprint and headline figures, the work of Operation Atlantic is unlikely to be over. Investigations into the individuals and groups behind the approval phishing networks typically continue long after funds are frozen.
Follow‑up actions may include indictments, seizures of additional assets, and further account closures or freezes as more addresses are linked to the same schemes. At the same time, lessons learned from this operation are likely feeding into updated detection models and internal security playbooks at the participating exchanges.
For criminals, the key takeaway is that approval phishing is firmly on the radar of both industry and law enforcement. Repeating the same tactics at scale will become riskier as detection improves and cooperation deepens.
Building a Safer Crypto Ecosystem
Operation Atlantic marks a turning point in how the crypto industry fights fraud: not as isolated actors reacting to incidents, but as a coordinated network of platforms, analysts, and public agencies running offensive operations against scammers.
For users, it is a reminder to treat wallet permissions with the same caution as bank transfers or password disclosures. For platforms, it reinforces the importance of investing in intelligence teams, robust KYC/AML processes, and channels for rapid engagement with authorities.
While it will never be possible to eliminate all risk from digital assets, initiatives like Operation Atlantic show that the gap between what criminals can do and what defenders can counter is narrowing. In a market increasingly shaped by institutional money and mainstream interest, that evolution is not just desirable-it is essential for the long-term credibility of the entire crypto ecosystem.