Share article

Follow-up story to:

Glowing digital wallet lock with a thin hooked line pulling a bright signature-like ribbon on a dark background.

February Crypto Losses Drop to $49M as Phishing Replaces Hacks as Top Threat

February crypto losses fell to $49M, Nominis reports, but phishing and malicious wallet approvals surged, replacing protocol hacks as top threat for users.

Mara VillaseñorMar 12 06:05

Crypto scammers have had it too easy, so the adults just walked into the room (yes, the "this is fine" dog meme, but with subpoenas).

US, UK, and Canadian law enforcement agencies said Monday they are launching a coordinated effort dubbed Operation Atlantic, aimed at disrupting crypto fraud schemes, with a particular focus on phishing-led theft and related social engineering playbooks. The coalition includes the US Secret Service, the UK National Crime Agency (NCA), and Canadian partners such as the Ontario Provincial Police (OPP) and the Ontario Securities Commission (OSC). [1]
While crypto markets mostly kept vibing (Bitcoin$62,581.94 hovered around $73,460 and Ethereum$1,686.33 around $2,285 on Monday), the message from enforcement is straightforward: cross-border scam rings that rely on fast-moving wallets and international cash-out routes are now being treated like a shared problem, not three separate ones.
US Treasury sanctions facilitators behind North Korea's fake IT worker fraud and crypto cash-out network

Enjoy articles without ads?

Register for free and get unlimited access to all articles.

What Operation Atlantic is, and what it is trying to break

Operation Atlantic is being framed as a trilateral disruption campaign, not a single-day raid. Based on official statements cited by the UK's NCA, the effort is designed to:

  • Disrupt fraudulent crypto schemes, especially those initiated via phishing and impersonation
  • Raise public awareness of the most common scam patterns
  • Recover stolen funds where possible, which typically means fast tracing, freezing requests, and coordination with platforms
That scope matters. Crypto fraud is rarely local. A victim might be in London, the scammer might be running ads from another continent, the funds might hop chains, and the cash-out could be routed through an exchange account registered in a different jurisdiction. Fragmented enforcement has been a feature, not a bug, for fraud rings.

A trilateral model aims to remove some of that friction: shared intelligence, faster requests, aligned priorities, and fewer gaps for scammers to slip through. [2]

Why phishing remains the scammer's best business model

Phishing sounds "basic," but it keeps working because it attacks humans, not code.

Most large retail loss events still start with one of a few familiar patterns:

  • Impersonation: fake support agents, fake exchange compliance emails, fake wallet upgrade prompts
  • Credential capture: cloned login pages, malicious QR codes, "verify your wallet" portals
  • Wallet-drainer flows: victims tricked into signing approvals that quietly hand over token spending rights
  • Recovery scams: second-wave scammers promise to recover funds, then steal more
Operation Atlantic explicitly calls out phishing involving cryptocurrencies, which is a signal that authorities are targeting the top-of-funnel layer where scams scale. Fraud rings do not need to "hack" anything if they can reliably get users to hand over access, approvals, or seed phrases.

The other reason phishing persists: it blends cleanly with the modern internet stack. Scammers can spin up domains, clone UI, buy ads, and rotate identities faster than most victims can file a report. Even when platforms take down obvious bad actors, the same operation often respawns with minor variations.

What "disruption" likely looks like in practice

Authorities have not publicly laid out full tactical details, but disruption campaigns like this usually focus on a few levers that actually hurt scammers:

Faster tracing and freezing

Recovery is a race. The longer stolen funds sit, the more likely they get split, bridged, swapped, or routed through mixers and peel chains. Cross-border coordination can shorten the time between victim report and platform action.
Roman Storm hits back as DOJ seeks October retrial in Tornado Cash case

Targeting "cash-out" chokepoints

Many fraud rings can move funds onchain, but they still need exits: centralized exchanges, OTC brokers, mule accounts, off-ramps, and payment rails. Coordinated enforcement can pressure those edges with alerts, account freezes, and compliance actions.

Infrastructure takedowns

Phishing operations depend on infrastructure: domains, hosting providers, social accounts, ad networks, and comms channels. Even temporary takedowns can reduce campaign effectiveness, increase operating costs, and force scammers into noisier setups.

Public warnings that name patterns

Awareness campaigns sound soft, but they matter when they identify concrete tactics, not generic "be careful" advice. The highest-impact warnings usually include real examples: screenshots of fake pages, keywords used in messages, and the exact storylines scammers are pushing.

This is where the "raise awareness" component becomes either useful or fluff. If agencies publish practical indicators and reporting routes, users and platforms can act faster. If it turns into vague posters, scammers will keep printing.

Why a US, UK, Canada trio is strategically relevant

This specific trio is not random.

  • The US Secret Service has a long track record in financial crime investigations and works closely with payment and banking rails, which still matter for crypto cash-outs.
  • The UK NCA sits in a jurisdiction that is both a major financial hub and a common target market for investment fraud.
  • Canada's OPP and OSC bring a mix of policing and securities enforcement, which is relevant when scams are packaged as "investment opportunities" and pushed through marketing funnels. [3]

A trilateral approach also reduces one of the biggest pain points in crypto fraud enforcement: scammers exploiting jurisdictional lag. If one country moves slowly on a preservation request or takedown, funds can be gone. Joint operations are designed to shrink that window.

Thailand's AML crackdown hits crypto as exchanges freeze 10,000 accounts: Report

What this means for exchanges, wallets, and the rest of crypto plumbing

Expect more pressure on the intermediaries that scammers touch, even briefly.

  • Exchanges and off-ramps could see increased requests for rapid freezes and more proactive monitoring for scam-linked flows.
  • Wallet providers may be pushed to ship more default protections: transaction simulation, approval warnings, and clearer signing prompts.
  • Social platforms and ad networks remain the elephant in the room. Fraud rings scale through distribution. If platforms do not clamp down on impersonation and scam ads, enforcement ends up playing whack-a-mole downstream.
Additional reporting in the broader ecosystem has highlighted large-scale account takedowns on social networks in other anti-scam pushes, which underscores the point: a lot of crypto fraud is "Web2 distribution plus Web3 settlement." [4] Operation Atlantic is implicitly aimed at that hybrid pipeline.

What to watch next

Operation Atlantic is a credible step, but the scoreboard will be outcomes, not headlines.

If authorities start publishing concrete disruption metrics, like domains seized, wallets flagged, funds frozen, arrests made, or victim funds returned, watch for real deterrence and faster reporting loops across platforms.

If the operation stays mostly in the awareness lane without sustained takedowns and cash-out pressure, expect scammers to adapt quickly with new domains, new narratives, and the same old playbook, leaving retail users rekt while the rings keep rotating infrastructure.

Either way, the signal is clear: crypto fraud is being treated less like internet "oops" crime and more like coordinated financial predation. The next few weeks will show whether this becomes a lasting joint task force model, or just another campaign name that scammers outlast.

Tags

#crypto fraud#social engineering#Phishing scams#law enforcement#Stolen funds recovery#Operation Atlantic#Cross-border crackdown#US Secret Service#UK NCA#Canadian regulators