U.S. Secret Service forensic analysts have collaborated with Canadian authorities to tackle $4.3 million in “approval phishing” attacks targeting Ethereum wallet holders.
Approval phishing is when a malicious attacker tricks a user, for example, as part of a “pig butchering” romance scam, into signing a transaction that gives the attacker permission to spend or drain tokens from their crypto wallet.
The joint operation, dubbed Operation Avalanche (no affiliation with the layer-1 network or its AVAX token), searched for compromised wallets on the Ethereum blockchain and reached out to impacted wallet owners who had lost money or were at risk of doing so.
The effort was led by the U.S. Secret Service and the B.C. Securities Commission. It also had support from the Ontario Provincial Police, Alberta Securities Commission, L’Autorité des marchés financiers, Ontario Securities Commission, Delta Police Department, Vancouver Police Department, and the Royal Canadian Mounted Police. An unnamed crypto exchange and a third-party blockchain analyst were also said to be involved.
Matt McCool, a special agent in charge at the U.S. Secret Service’s Washington Field Office, said his organization “will continue working with Canadian law enforcement and financial partners to identify and seize stolen assets to return to victims.”
Russian Crypto Trading Platform Garantex Seized by Secret Service
The U.S. Secret Service, with international law enforcement, seized and removed the website of Russian crypto exchange Garantex, citing alleged ties to sanctioned Russian banks and criminal groups. The Garantex homepage, which is now timing out, had previously said that the platform’s domain had been taken by the agency, which received a warrant from the U.S. Attorney’s Office for the Eastern District of Virginia. A spokesperson for the Secret Service, Nate Herring, said that the seizure was par...
This isn’t the first time that the Secret Service has announced a major crypto enforcement action in recent months.
In March, it took down the website of Russian crypto exchange Garantex as part of another joint operation, claiming it had ties to cybercriminal groups and sanctioned Russian banks, including darknet ransomware groups.
Approval phishing and the crypto world
Approval phishing has consistently been a popular and damaging type of crypto scam.
Blockchain sleuths at Chainalysis estimated that $2.7 billion was lost to approval phishing between May 2021 and July 2024, adding that many cases go under the radar and remain unreported.
Creator of $132 Million Global Phishing Service Jailed for Eight Years
A British man who ran a global phishing service has been jailed for eight-and-a-half years. Zak Coyne created LabHost—a subscription service that allowed fraudsters to access fake versions of legitimate websites. The fraudulent pages could then be used to deceive unsuspecting victims into handing over sensitive information. According to the British Crown Prosecution Service, the 24-year-old received $230,000 worth of cryptocurrency for designing and operating the site. The digital assets were la...
Though approval phishing attacks can be targeted at organizations—such as in the case of the $120 million Badger DAO hack in December 2021—they are often directed at wealthy private individuals, who are known to be active in crypto or NFT space.
In December 2021, a well-known collector in the NFT space lost Bored Ape NFTs worth almost $2 million (at value’s of the time) to a variant of 'approval phishing' known as 'ice phishing.’
