Approval phishing is an increasingly popular tactic used by criminals to steal funds through different scamming techniques such as fake crypto apps and romance scams (also known as pig butchering), according to an update from Chainalysis.
With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that “gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to then drain the victim’s address of those tokens at will,” the update from Chainalysis explained.
Chainalysis further noted that earlier this year, they reported “that approximately USD $1 billion has been lost to scams leveraging approval phishing since May 2021.”
After identifying further illicit addresses, Chainalysis said its data now reveals that over USD $2.7 billion has been lost to approval phishing – “demonstrating that approval phishing is a much bigger problem than previously known.”
However, the inherent transparency of the blockchain paired “with advanced blockchain analytics offers a range of opportunities for investigation, asset recovery and crime prevention.”
That is why Chainalysis is introducing Operation Spincaster, “a series of operational sprints designed to disrupt and prevent scams through public-private collaboration.”
Leveraging the transparency of the blockchain, Chainalysis proactively “identified thousands of compromised wallets.”
This actionable intelligence formed the basis of “a series of operational sprints across six countries (US, UK, Canada, Spain, Netherlands and Australia) with over 100 attendees, including 12 public sector agencies and 17 crypto exchanges.”
The operational sprints featured training in “identifying compromised wallets and tracing the stolen funds using Chainalysis Crypto Investigations solution.”
Over 7,000 leads were disseminated “during these sprints relating to approximately USD $162 million of losses.”
These leads were used to “close accounts, seize funds and build intelligence to prevent future scams.”
In fact, in one of the sprints, participants were able “to contact a victim directly to warn them of an ongoing scam, prompting the victim to take preventative action on-chain by revoking the approval before the scammer was able to steal a six-figure sum.”
Operation Spincaster is a global extension of “an operational sprint we first conducted with the Calgary Police Service, named Operation Disruption, back in March 2024.”
Having participated in the initial pilot project, Sergeant Danny Leong of the Calgary Police Service Blockchain Investigations Team said:
“Earlier this year, the Calgary Police Service partnered with Chainalysis to host a private workshop, which brought several Canadian law enforcement agencies and cryptocurrency businesses together to address ongoing cryptocurrency-related crime.”
The findings identified “more than 770 individuals, 119 of which were Canadians, as victims of cryptocurrency fraud, with an estimated combined loss of $59 million.”
Through this workshop, the participating organizations “took swift action in notifying the impacted individuals to prevent further victimization.”
The partnership with Chainalysis highlights “an ongoing commitment to information sharing around various tools and technologies required to help navigate the complex and rapidly changing cryptocurrency landscapes, and our efforts to develop proactive policing strategies aimed at protecting Canadians from cryptocurrency exploitation.”
These types of scams are not unique to Canada, and by “working with Chainalysis, we are part of a much larger, global effort to tackle this type of criminal activity.”
Participants from Operation Spincaster also shared learnings from their experience in the operational sprints:
Grupo de Ciberinteligencia Criminal – Unidad Técnica de Policía Judicial (UTPJ), Guardia Civil:
“Operation Spincaster has emerged as a groundbreaking initiative, bringing together key domestic exchanges, cutting-edge technology research units from the Guardia Civil, and investigators from Chainalysis. The Web3 landscape presents evolving challenges, and public-private sector collaboration is paramount to addressing them. Beyond the potential victims identified and actions taken, the two-day collaborative effort has yielded invaluable learnings that will influence our ongoing investigation work immensely.”
Policia Nacional, España:
“Spincaster’s success comes not only from its preventive measures and fraud detection results, but also from strengthening relationships between public and private sectors for a coordinated fight against this type of crime. Additionally, it benefits from the knowledge gained in detecting and investigating this specific modus operandi used in the cryptocurrency field.”
As noted in a blog post:
“Operation Spincaster demonstrates the NCA’s commitment to collaborating with tech partners in the private sector to tackle fraud. This work has protected victims here in the UK, and provided opportunities for us to pursue organized crime groups causing significant harm. Many of these groups are based overseas, and utilize sophisticated methods to gain the trust of unsuspecting investors.”
Celestino Calabrese, Acting Head of Illicit Finance Threat, National Crime Agency, United Kingdom:
“Together with NPCC and our policing colleagues across the country, we were able to identify over 230 UK victims, and discovered at least £33m of funds believed to be the result of approval phishing. Our specialist digital asset teams will continue to provide support to ongoing investigations, ensuring that the public are kept safe from harm, and offenders are targeted regardless of their location. It is imperative for Australian law enforcement agencies to work collaboratively with industry partners to identify solutions to the constant threat cyber criminals pose to our businesses, economy, and community.”
Tim Stainton, Detective Superintendent, Australian Federal Police:
“The intelligence we have gathered collaboratively throughout Operation Spincaster has shed a clear light on new tactics used by cybercriminals in their continued efforts to defraud Australians, and it will form a key part of our ongoing investigations to identify cybercrime victims and disrupt offenders in Australia.”
Erin Fracolli, Global Head of Intelligence and Investigations, Binance:
“Our team has been successfully utilizing the leads shared through this initiative to conduct fund tracing, identify affected users, inform them of the scam, and provide guidance and education to prevent further losses and scams. We are excited to see this program expand to more countries and are committed to playing our part as an industry leader to ensure the safety and security of the crypto space.”
Tackling and preventing scams requires “an ecosystem-wide strategy that brings together the public sector, private sector and civil society through a three-pronged approach:”
Public education and user awareness: Preventive efforts such “as education play a critical role as the first line of defence against scams. Cryptocurrency users should note that instances where approvals are granted to an individual or company are extremely rare.”
In fact, most legitimate approvals are granted to decentralized applications.
Proactive transaction monitoring for exchanges: Cryptocurrency exchanges wield significant influence in “detecting and preventing approval phishing scams.”
Implementing proactive – rather than reactive – transaction monitoring capabilities and a robust risk management strategy is essential “to effectively combat and prevent such threats.”
With the right analytics tools, exchanges can “monitor for suspected approval phishing consolidation wallets with heavy exposure to destination addresses, and take actionable steps such as automatically freezing the funds or reporting to law enforcement when suspect wallets move funds to their platform.”
Chainalysis debuted a newly-developed API endpoint “to Operation Spincaster attendees that allows exchanges to leverage Chainalysis data to screen withdrawals and detect ongoing scam attempts in real time.”
Boosting law enforcement capabilities: As crypto adoption grows and is “increasingly used by both good and bad actors, law enforcement agencies should invest in blockchain analytics tools and training to combat illicit activities – such as scams – domestically and internationally.”
Capabilities to investigate and trace the flow of funds “can enable law enforcement agencies to identify and disrupt criminal groups, illicit financial infrastructures and supply chains that underpin approval phishing scams.”
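The approval mechanism described above, and the point that approvals to an individual are rare while legitimate ones go to decentralized applications, can be turned into a pre-signing check. The following is an added example, not code from Chainalysis or the article: it assumes the standard EVM token approval calls (the article names no token standard), `has_code` is a hypothetical stand-in for a node lookup, and the addresses are constructed.

```python
UNLIMITED = 2**256 - 1

# 4-byte selectors of standard approval-granting calls (assumed EVM token standards).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 allowance
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155 operator
}

def decode_approval(calldata):
    """Return (signature, spender, value), or None if the call grants no approval."""
    data = calldata.lower().removeprefix("0x")
    sig = SELECTORS.get(data[:8])
    if sig is None or len(data) < 8 + 128:   # selector + two 32-byte words
        return None
    try:
        int(data[8:72], 16)
        value = int(data[72:136], 16)
    except ValueError:                        # not hex: refuse to interpret
        return None
    return sig, "0x" + data[32:72], value

def review(calldata, has_code):
    """List warnings to show the user before signing. has_code(addr) is a
    hypothetical callback; a real wallet would ask a node via eth_getCode."""
    decoded = decode_approval(calldata)
    if decoded is None:
        return []
    sig, spender, value = decoded
    if value == 0:          # zero allowance / approved=false grants nothing (a revocation)
        return []
    warnings = [f"grants {spender} the right to move your tokens ({sig})"]
    if not has_code(spender):
        warnings.append("spender is an individual address, not a contract")
    if sig.startswith("setApprovalForAll") or value == UNLIMITED:
        warnings.append("approval is unlimited")
    return warnings

# Constructed sample data (addresses are made up).
def word(n):
    return format(n, "064x")

SAMPLE_EOA = "0x" + "11" * 20
SAMPLE_DAPP = "0x" + "22" * 20
has_code = lambda addr: addr == SAMPLE_DAPP
PHISH = "0x095ea7b3" + word(int(SAMPLE_EOA, 16)) + word(UNLIMITED)
DAPP = "0x095ea7b3" + word(int(SAMPLE_DAPP, 16)) + word(500)
REVOKE = "0x095ea7b3" + word(int(SAMPLE_EOA, 16)) + word(0)
```

`REVOKE` has the shape of the on-chain revocation mentioned earlier in the article: the same call with the allowance set to zero.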