Approval Phishing: Scammers Increasingly Exploit Wallet Permissions to Steal Crypto

Chainalysis has indicated that a growing threat in the cryptocurrency space involves deceptive tactics that trick users into granting broad access to their digital wallets. Known as approval phishing, this method allows criminals to drain funds at will after victims unknowingly authorize malicious transactions. Recent insights from industry experts highlight how these scams combine sophisticated social engineering with on-chain mechanics, contributing to billions in losses.

Chainalysis added that during 2025, on-chain scams generated at least $14 billion, with projections reaching $17 billion as more addresses are linked to illicit activity.

The average amount sent to individual scam addresses surged by 253% compared to the prior year, while operations enhanced by artificial intelligence proved 4.5 times more lucrative.

Investment-related frauds dominate this category, often executed through approval phishing on blockchain networks.

As explained by Chainalysis, the process begins long before any transaction occurs. Fraudsters build trust through extended social manipulation, posing as financial mentors or romantic interests.

Victims are coached to provide vague explanations for their activities, such as claiming funds are for “personal use” without specifics. Scammers encourage moving assets from regulated platforms into self-custodied wallets, using exchanges merely as intermediaries.

They create urgency, demanding live screenshots and rapid decisions while fostering dependency on their guidance. Sudden large transfers from individuals with little prior crypto history often signal involvement in such a scheme.

At the critical moment, the victim is prompted to “approve” what appears to be a routine action—like executing a trade or transferring a small amount. In reality, the smart contract approval grants the attacker permission to spend tokens from the wallet indefinitely.

Once approved, the scammer can transfer assets immediately or wait for additional deposits, routing them through multiple wallets, cross-chain bridges, and eventually to cash-out points on exchanges.

Blockchain transactions cannot be reversed, making prevention essential.

Tracking these schemes is feasible because perpetrators reuse infrastructure.

Consolidation wallets, spender contracts, and exit addresses appear across numerous victims, enabling automated detection through blockchain analytics platforms.

Law enforcement and private sector collaborations have scaled responses effectively.

Initiatives like Operation Spincaster in 2024 processed thousands of leads, addressing $162 million in potential losses and successfully intervening in individual cases by revoking approvals before major drains.

Follow-up efforts, including local actions in Canada, resulted in asset seizures and returns to victims.

Operation Atlantic, involving agencies from the UK, US, and Canada, identified over 20,000 affected users and froze more than $12 million in proceeds while tracing an additional $45 million linked to related frauds.

These operations demonstrate the value of timely on-chain intelligence in disrupting networks before further harm.

To combat approval phishing, organizations should integrate detection earlier in monitoring systems rather than relying solely on victim reports.

Rapid analysis of leads can identify risky approvals by spotting discrepancies, such as third-party addresses initiating spends.
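The two on-chain signals described above, a spender reused across many victims and a spend the token holder did not initiate, can be checked directly against token event logs. The sketch below is an added example, not Chainalysis code: it assumes standard ERC-20 `Approval`/`Transfer` logs that have been joined with a `tx_from` field (the transaction sender), and every address and amount in it is constructed.

```python
from collections import defaultdict

# topic0 of the standard ERC-20 Approval and Transfer events
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
UNLIMITED = 1 << 255  # assumption: allowances at or above this count as "unlimited"

def addr(topic):  # indexed address topic: 32 bytes, address in the low 20
    return "0x" + topic[-40:].lower()

def analyze(logs, min_owners=2):
    """Return (spenders reused across owners, spends not signed by the holder)."""
    granted = defaultdict(set)  # spender -> owners that granted it an unlimited allowance
    live = defaultdict(set)     # (token, owner) -> spenders holding a non-zero allowance
    spends = []
    for log in logs:            # logs must be in chain order
        t = log["topics"]
        if len(t) != 3:         # ERC-721 events index a third argument; skip them
            continue
        a, b, value = addr(t[1]), addr(t[2]), int(log["data"], 16)
        key = (log["address"], a)
        if t[0] == APPROVAL:    # a = owner, b = spender
            if value == 0:
                live[key].discard(b)  # revocation
            else:
                live[key].add(b)
                if value >= UNLIMITED:
                    granted[b].add(a)
        elif t[0] == TRANSFER and log["tx_from"].lower() != a and live[key]:
            # a = holder, b = recipient; the holder did not sign this transaction
            spends.append({"holder": a, "to": b, "value": value,
                           "live_spenders": sorted(live[key])})
    reused = {s: sorted(o) for s, o in granted.items() if len(o) >= min_owners}
    return reused, spends

# Constructed sample data: every address and amount below is made up.
def _log(topic0, x, y, value, tx_from):
    pad = lambda h: "0x" + "0" * 24 + h[2:]
    return {"address": TOKEN, "topics": [topic0, pad(x), pad(y)],
            "data": hex(value), "tx_from": tx_from}
TOKEN, V1, V2, SPENDER, DEX, SINK = ("0x" + c * 20 for c in ("70", "11", "22", "ee", "dd", "99"))
MAX = (1 << 256) - 1
SAMPLE = [
    _log(APPROVAL, V1, SPENDER, MAX, V1),
    _log(APPROVAL, V2, SPENDER, MAX, V2),
    _log(APPROVAL, V2, DEX, 500, V2),
    _log(TRANSFER, V1, SINK, 9000, SPENDER),  # third party moves V1's tokens
    _log(APPROVAL, V2, SPENDER, 0, V2),       # V2 revokes the allowance
    _log(TRANSFER, V2, SINK, 10, V2),         # V2's own transfer: not flagged
]
```

Legitimate exchange routers also hold allowances from many owners and spend on their behalf, so both outputs are leads to triage against an allowlist of known contracts, not verdicts.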

Cross-sector information sharing between banks and crypto platforms strengthens defenses, while internal training builds long-term expertise.

For individual users, vigilance remains key: verify URLs before wallet connections, source applications only from official channels, and pause when strangers pressure quick actions on transactions.

By leveraging patterns of reuse, the crypto ecosystem can shift from reactive investigations to proactive, scalable disruption, protecting users and reducing the profitability of these evolving scams. Chainalysis concluded that well-coordinated efforts continue to turn isolated signals into broader network exposures.
