In a recent collaborative effort, U.S. Secret Service forensic analysts and Canadian authorities confronted a $4.3 million “approval phishing” attack targeting Ethereum wallet users. Approval phishing is a method in which attackers trick users into unwittingly signing a transaction that grants the attacker permission to drain tokens from their crypto wallets. Such scams often involve what is known as a “pig butchering” romance scam.
The joint operation, christened Operation Avalanche, sought out compromised wallets on the Ethereum blockchain and reached out to affected wallet owners who had either lost money or were at risk of losing their assets. The operation has no relation to the layer-1 network of the same name or its AVAX token.
The initiative was spearheaded by the U.S. Secret Service in tandem with the B.C. Securities Commission. The Ontario Provincial Police, Alberta Securities Commission, L’Autorité des marchés financiers, Ontario Securities Commission, Delta Police Department, Vancouver Police Department, and the Royal Canadian Mounted Police also lent their support. An undisclosed crypto exchange and a third-party blockchain analyst were reportedly involved as well.
Matt McCool, a special agent in charge at the U.S. Secret Service’s Washington Field Office, made it clear that his organization “will continue working with Canadian law enforcement and financial partners to identify and seize stolen assets to return to victims.”
This is not the Secret Service’s maiden voyage into crypto enforcement action. In March, the organization dismantled the website of Russian crypto exchange Garantex in a joint operation, alleging that it had connections to cybercriminal groups, including darknet ransomware groups, and to sanctioned Russian banks.
Approval phishing has been a persistent and destructive scam in the crypto world. Blockchain investigators at Chainalysis estimate that between May 2021 and July 2024, a staggering $2.7 billion was lost to approval phishing, noting that many incidents likely go undetected and unreported.
While approval phishing attacks can target organizations – as demonstrated by the $120 million Badger DAO hack in December 2021 – they are frequently aimed at wealthy private individuals known for their activity in the crypto or NFT space. A notable example occurred in December 2021, when a renowned collector in the NFT sector lost Bored Ape NFTs, then valued at nearly $2 million, to an ‘ice phishing’ variant of an ‘approval phishing’ scam.