Secret Service, Canadian Officials Disrupt $4.3M Ethereum “Approval Phishing” Scam

U.S. Secret Service forensic analysts have collaborated with Canadian authorities to tackle $4.3 million in “approval phishing” attacks targeting Ethereum wallet holders.

Approval phishing is when a malicious attacker tricks a user, for example, as part of a “pig butchering” romance scam, into signing a transaction that gives the attacker permission to spend or drain tokens from their crypto wallet.

The joint operation, dubbed Operation Avalanche (no affiliation with the layer-1 network or its AVAX token), searched for compromised wallets on the Ethereum blockchain and reached out to impacted wallet owners who had lost money or were at risk of doing so.

The effort was led by the U.S. Secret Service and the B.C. Securities Commission. It also had support from the Ontario Provincial Police, Alberta Securities Commission, L’Autorité des marchés financiers, Ontario Securities Commission, Delta Police Department, Vancouver Police Department, and the Royal Canadian Mounted Police. An unnamed crypto exchange and a third-party blockchain analyst were also said to be involved.

Matt McCool, a special agent in charge at the U.S. Secret Service’s Washington Field Office, said his organization “will continue working with Canadian law enforcement and financial partners to identify and seize stolen assets to return to victims.”

This isn’t the first time that the Secret Service has announced a major crypto enforcement action in recent months.

In March, it took down the website of Russian crypto exchange Garantex as part of another joint operation, claiming it had ties to cybercriminal groups and sanctioned Russian banks, including darknet ransomware groups.

Approval phishing and the crypto world

Approval phishing has consistently been a popular and damaging type of crypto scam.

Blockchain sleuths at Chainalysis estimated that $2.7 billion was lost to approval phishing between May 2021 and July 2024, adding that many cases go under the radar and remain unreported.

Though approval phishing attacks can be targeted at organizations—such as in the case of the $120 million Badger DAO hack in December 2021—they are often directed at wealthy private individuals, who are known to be active in crypto or NFT space.

In December 2021, a well-known collector in the NFT space lost Bored Ape NFTs worth almost $2 million (at value’s of the time) to a variant of ‘approval phishing’ known as ‘ice phishing.’