A joint US and UK operation has identified thousands of ‘approval phishing’ victims and frozen $12 million in stolen cryptocurrency. The international effort uncovered a broader network responsible for over $45 million in fraud.
How Approval Phishing Defrauds Victims
Approval phishing uses deceptive pop-ups that mimic legitimate cryptocurrency services, tricking users into authorizing access to their digital wallets. Once approved, criminals can drain the funds. The U.S. Secret Service notes these transactions are irreversible, complicating recovery for victims. This tactic is a growing threat in the digital asset space, similar to other attacks that exploit user trust, such as malicious supply-chain attacks that steal crypto assets.
Global Crackdown and Seizures
The operation involved the UK’s National Crime Agency, the U.S. Secret Service, and Canadian police. Authorities notified over 3,000 victims in 30 countries and identified more than 20,000 compromised wallets. The crackdown also included the seizure of over 100 domains used to facilitate the scams, disrupting the infrastructure used by cybercriminals, including sophisticated groups like the ones behind the UNC4899 breach.
