Key Takeaways

  • National agencies from UK, US, and Canada identified 20,000 victims and stopped several criminal networks.
  • The operation secured over $12 million in stolen money and tracked another $45 million linked to global scams.
  • Teams focused on stopping approval phishing, a scam where criminals trick people into giving up full control of their digital wallets.
  • Experts from Binance and Elliptic worked on-site to trace transactions in real time and freeze funds before they could disappear.
  • Agencies from three countries teamed up to show that crypto criminals cannot hide behind international borders.

An international law enforcement operation led by the National Crime Agency has identified more than 20,000 victims of cryptocurrency scams and frozen over $12 million in suspected criminal funds, according to an official announcement published on April 9, 2026.

The operation, called Operation Atlantic, focused on approval phishing, a type of crypto scam in which users unknowingly grant attackers access to their wallets. The effort brought together agencies from multiple countries along with private crypto firms, including Binance.

Operation Atlantic Identifies Approval Phishing Victims Freezes Funds and Disrupts Fraud Networks

Operation Atlantic was carried out as a coordinated effort between the National Crime Agency, the US Secret Service, the Ontario Provincial Police, and the Ontario Securities Commission.

Authorities said that the operation focused on identifying victims who had lost, or were at risk of losing, cryptocurrency through approval phishing. In these scams, victims are tricked into approving wallet permissions, often through fake investment platforms or misleading prompts. Once access is granted, attackers can move funds out of the wallet, and these transactions are hard to reverse.

The operation:

  • Identified more than 20,000 victims across the UK, United States, and Canada
  • Secured and froze over $12 million in suspected criminal proceeds
  • Identified more than $45 million stolen in cryptocurrency fraud schemes worldwide

One UK victim alone is believed to have lost more than £52,000.

Investigators worked with private sector partners to trace illicit transactions and identify victims in real time. This allowed some funds to be secured before they were moved further by attackers.

The National Crime Agency also confirmed that multiple fraud networks were disrupted during the week-long action, which was hosted at its London headquarters. Additional agencies, including the City of London Police and the Financial Conduct Authority (FCA), took part in the effort.

Miles Bonfield, Deputy Director of Investigations at the National Crime Agency, said the operation showed how international cooperation can stop crypto-related fraud:

“Operation Atlantic is a powerful example of what is possible when international agencies and private industry work side by side.
This intensive action has led to the safeguarding of thousands of victims in the UK and overseas, stopped criminals in their tracks and helped save others from losing their funds.
We know that fraudsters operate globally and, together with our international partners, so will the NCA to target them wherever they are based.”

Officials confirmed the investigation is ongoing, with more analysis planned to support victims and pursue those behind the fraud.

Binance Joins Operation Atlantic, Provides Crypto Scam Intelligence and On-the-Ground Support

Binance confirmed that it took part in Operation Atlantic as one of the private-sector partners supporting the investigation.

According to its announcement, Binance’s Special Investigations team worked on-site in London and helped with:

  • Investigative support and scam intelligence
  • Screening workflows to help identify potential victims
  • Research identifying active phishing websites
  • Information on suspected bad actors to support asset seizure efforts

Binance explained that approval phishing scams work by prompting users to approve malicious wallet permissions, often through fake pop-ups or messages that appear to come from trusted services. Once access is approved, attackers can transfer funds, and these transactions are usually difficult to reverse.

The company also confirmed that none of the funds frozen during the operation were held on Binance accounts, meaning the targeted assets were located outside its platform.

Binance Senior Regional Advisor for EMEA Flavio Tonon said approval phishing remains one of the most damaging crypto scam methods and linked the operation to broader cooperation between law enforcement and the crypto industry:

“Approval phishing is one of the most damaging types of scams targeting crypto users today, and Operation Atlantic underscores how effective crime fighting is possible when private and public partners move together to stop fraud at the source.
The inherent transparency of the blockchain makes it difficult for criminals to hide for long while exploiting victims. We are proud to have played a meaningful role in protecting thousands of potential victims.”

The exchange added that it continues to work with law enforcement globally and reported that in 2025, it supported more than 71,000 law enforcement requests and assisted in the confiscation of over $131 million in illicit funds.

Elliptic Provides Blockchain Analytics and Tracing Support in Operation Atlantic

Elliptic also confirmed it took part in Operation Atlantic as a private-sector partner, providing blockchain analytics, enriched data, and investigative support during the operation.

According to its announcement, Elliptic supported investigators by processing large volumes of on-chain data and helping trace the movement of stolen cryptocurrency across multiple blockchains. Its tools were used to identify wallet activity, track the flow of funds, and detect where assets were being consolidated or moved to exchanges.

The company explained that its data was shared across teams involved in the operation, helping build a combined intelligence view used by law enforcement and other partners.

Elliptic also said it contributed by generating prioritized leads, identifying high-risk activity, and carrying out its own investigations into approval phishing networks. Some of these findings were passed to law enforcement with supporting evidence to assist with freezing orders and further action.

In addition, Elliptic supported investigators with analysis reviews and technical guidance related to blockchain tracing methods.

The company described the operation as a coordinated effort where real-time blockchain analysis, victim outreach, and legal action were carried out in parallel, allowing investigators to identify victims and act on stolen funds during the same operational window.