Approval phishing is an increasingly popular tactic used by criminals to steal funds through different scamming techniques such as fake crypto apps and romance scams (also known as pig butchering). With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer's address approval to spend specific tokens inside the victim's wallet, allowing the scammer to then drain the victim's address of those tokens at will.
Earlier this year, we reported that approximately USD $1 billion has been lost to scams leveraging approval phishing since May 2021. After identifying further illicit addresses, our data now reveals that over USD $2.7 billion has been lost to approval phishing – demonstrating that approval phishing is a much bigger problem than previously known. However, the inherent transparency of the blockchain paired with advanced blockchain analytics offers a range of opportunities for investigation, asset recovery and crime prevention.
That is why Chainalysis is pioneering Operation Spincaster, a series of operational sprints designed to disrupt and prevent scams through public-private collaboration. Leveraging the transparency of the blockchain, Chainalysis proactively identified thousands of compromised wallets. This actionable intelligence formed the basis of a series of operational sprints across six countries (US, UK, Canada, Spain, Netherlands and Australia) with over 100 attendees, including 12 public sector agencies and 17 crypto exchanges.
The operational sprints featured training in identifying compromised wallets and tracing the stolen funds using the Chainalysis Crypto Investigations solution. Over 7000 leads were disseminated during these sprints relating to approximately USD $162 million of losses. These leads were used to close accounts, seize funds and build intelligence to prevent future scams. In fact, in one of the sprints, participants were able to contact a victim directly to warn them of an ongoing scam, prompting the victim to take preventative action on-chain by revoking the approval before the scammer was able to steal a six-figure sum.
Public-private sector collaboration and blockchain intelligence is critical in the fight against scams
Operation Spincaster is a global extension of an operational sprint we first conducted with the Calgary Police Service, named Operation Disruption, back in March 2024. Having participated in the initial pilot project, Sergeant Danny Leong of the Calgary Police Service Blockchain Investigations Team said:
“Earlier this year, the Calgary Police Service partnered with Chainalysis to host a private workshop, which brought several Canadian law enforcement agencies and cryptocurrency businesses together to address ongoing cryptocurrency-related crime. The findings identified more than 770 individuals, 119 of which were Canadians, as victims of cryptocurrency fraud, with an estimated combined loss of $59 million. Through this workshop, the participating organizations took swift action in notifying the impacted individuals to prevent further victimization.
“The partnership with Chainalysis highlights an ongoing commitment to information sharing around various tools and technologies required to help navigate the complex and rapidly changing cryptocurrency landscapes, and our efforts to develop proactive policing strategies aimed at protecting Canadians from cryptocurrency exploitation.
“These types of scams are not unique to Canada, and by working with Chainalysis, we are part of a much larger, global effort to tackle this type of criminal activity.”
Participants from Operation Spincaster also shared learnings from their experience in the operational sprints:
“Operation Spincaster has emerged as a groundbreaking initiative, bringing together key domestic exchanges, cutting-edge technology research units from the Guardia Civil, and investigators from Chainalysis. The Web3 landscape presents evolving challenges, and public-private sector collaboration is paramount to addressing them. Beyond the potential victims identified and actions taken, the two-day collaborative effort has yielded invaluable learnings that will influence our ongoing investigation work immensely.” – Grupo de Cyberintelligence Criminal – Unidad Técnica de Policía Judicial (UTPJ), Guardia Civil
“Spincaster's success comes not only from its preventive measures and fraud detection results, but also from strengthening relationships between public and private sectors for a coordinated fight against this type of crime. Additionally, it benefits from the knowledge gained in detecting and investigating this specific modus operandi used in the cryptocurrency field.” – National Police, Spain
“Operation Spincaster demonstrates the NCA's commitment to collaborating with tech partners in the private sector to tackle fraud. This work has protected victims here in the UK, and provided opportunities for us to pursue organized crime groups causing significant harm. Many of these groups are based overseas, and utilize sophisticated methods to gain the trust of unsuspecting investors.
“Together with NPCC and our policing colleagues across the country, we were able to identify over 230 UK victims, and discovered at least £33m of funds believed to be the result of approved phishing. Our specialist digital asset teams will continue to provide support to ongoing investigations, ensuring that the public are kept safe from harm, and offenders are targeted regardless of their location.” – Celestino Calabrese, Acting Head of Illicit Finance Threat, National Crime Agency, United Kingdom
“It is imperative for Australian law enforcement agencies to work collaboratively with industry partners to identify solutions to the constant threat cyber criminals pose to our businesses, economy, and community.
“The intelligence we have gathered collaboratively throughout Operation Spincaster has shed a clear light on new tactics used by cybercriminals in their continued efforts to defraud Australians, and it will form a key part of our ongoing investigations to identify cybercrime victims and disrupt offenders in Australia.” – Tim Stainton, Detective Superintendent, Australian Federal Police
“Operation Spincaster proved successful from the outset, as we were able to secure the commitment of seven cryptocurrency exchanges to participate in the operational sprint and collaborate with Chainalysis, law enforcement, and the FIU to combat crypto crime. Attendees were provided with insightful training on approval phishing, and by the end of the sprint, were able to set up detection methods and freeze several wallets to prevent further loss of funds for victims. The relationships and collaborative efforts established through Operation Spincaster mark a pivotal step in our efforts to disrupt and prevent scams within the ecosystem.” – Ruben van Well, Head of Public Private Partnerships, Dutch National Police
“Binance is proud to be a partner of Operation Spincaster. At Binance, being user-focused is a core value, and we've always believed that building a secure crypto ecosystem requires collaboration. We are glad to have found a platform where law enforcement and industry players like ourselves can come together with the shared goal of keeping users safe and addressing emerging threats.
“Our team has been successfully utilizing the leads shared through this initiative to conduct fund tracing, identify affected users, inform them of the scam, and provide guidance and education to prevent further losses and scams. We are excited to see this program expand to more countries and are committed to playing our part as an industry leader to ensure the safety and security of the crypto space.” – Erin Fracolli, Global Head of Intelligence and Investigations, Binance
“At NDAX, ensuring compliance, managing risks, and improving security are central to our mission. We recognize that addressing emerging threats requires a collaborative industry effort. Operation Spincaster embodies this approach by leveraging data and combining the strengths of the public and private sectors. This initiative represents a significant advancement in the global fight against crypto crime. We are proud to contribute to this effort and are dedicated to using its achievements to enhance the safety and trustworthiness of the cryptocurrency ecosystem for all participants.” – NDAX
Combating and preventing scams requires ecosystem effort
Tackling and preventing scams requires an ecosystem-wide strategy that brings together the public sector, private sector and civil society through a three-pronged approach:
- Public education and user awareness: Preventive efforts such as education play a critical role as the first line of defense against scams. Cryptocurrency users should note that instances where approvals are granted to an individual or company are extremely rare. In fact, most legitimate uses of approvals are intended for decentralized applications.
- Proactive transaction monitoring for exchanges: Cryptocurrency exchanges wield significant influence in detecting and preventing approval phishing scams. Implementing proactive – rather than reactive – transaction monitoring capabilities and a robust risk management strategy is essential to effectively combat and prevent such threats. With the right analytics tools, exchanges can monitor for suspected approval phishing consolidation wallets with heavy exposure to destination addresses, and take actionable steps such as automatically freezing the funds or reporting to law enforcement when suspicious wallets move funds to their platform. Chainalysis debuted a newly-developed API endpoint to Operation Spincaster attendees that allows exchanges to leverage Chainalysis data to screen withdrawals and detect ongoing scam attempts in real time.
- Boosting law enforcement capabilities: As crypto adoption grows and is increasingly used by both good and bad actors, law enforcement agencies should invest in blockchain analytics tools and training to combat illicit activities – such as scams – domestically and internationally. Capabilities to investigate and trace the flow of funds can enable law enforcement agencies to identify and disrupt criminal groups' illicit financial infrastructures and supply chains that underpin approval phishing scams.
Operation Spincaster is testament to the success that can happen when the public and private sectors work together through the use of blockchain analytics to take down and prevent scams. Chainalysis is committed to supporting the cryptocurrency ecosystem to combat illicit activity, and we look forward to rolling out Operation Spincaster in more countries over the next few months.
Crime prevention advice
There are numerous crime prevention resources available that provide comprehensive advice and guidance to avoid becoming the next victim of fraud. These include the UK Metropolitan Police's Little Book of Crypto Crime and the Australian National Anti-Scam Centre's Little Black Book of Scams.
Chainalysis always advocates taking a moment to stop and think before engaging in any investment opportunity. If it sounds too good to be true, it usually is. Take the time to conduct due diligence on any potential investment opportunities. Never click blindly or follow a link without fully knowing where this will lead. Most importantly, if prompted to approve a spender within your cryptocurrency wallet without expecting this, reject the transaction. If in doubt, always seek advice from a trusted third party, ideally in person.
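To show what an approval request looks like before it is signed, the following added example (not Chainalysis code or part of the original article) decodes the calldata of the standard token approval calls and flags grants to a spender that is not a contract, unlimited allowances, and revocations. The `contract_addresses` input is a hypothetical stand-in for an `eth_getCode` lookup, and the sample calldata is constructed.

```python
# Added example: review token-approval calldata before a transaction is signed.
# Keys are the well-known 4-byte function selectors of the approval calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata):
    """Return {'call', 'spender', 'value'} for an approval call, else None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    call = SELECTORS.get(data[:8])
    if call is None or len(data) < 8 + 128:   # need two 32-byte arguments
        return None
    try:
        args = bytes.fromhex(data[8:8 + 128])
    except ValueError:                        # malformed hex
        return None
    if any(args[:12]):  # an ABI-encoded address is left-padded with 12 zero bytes
        return None
    return {"call": call,
            "spender": "0x" + args[12:32].hex(),
            "value": int.from_bytes(args[32:64], "big")}

def review(calldata, contract_addresses):
    """Return findings for one transaction; an empty list means nothing flagged.
    contract_addresses is a hypothetical input: addresses known to hold code."""
    approval = decode_approval(calldata)
    if approval is None:
        return []
    if approval["value"] == 0:  # approve(spender, 0) / setApprovalForAll(false)
        is_noop = approval["call"].startswith("increaseAllowance")
        return [] if is_noop else ["revocation: spender allowance cleared"]
    findings = []
    if approval["spender"] not in contract_addresses:
        findings.append("spender is not a contract (individual account)")
    if approval["call"].startswith("setApprovalForAll"):
        findings.append("operator rights over every token in the collection")
    elif approval["value"] == MAX_UINT256:
        findings.append("unlimited allowance")
    return findings

# Constructed sample inputs (not real addresses or transactions).
SPENDER = "11" * 20
GRANT = "0x095ea7b3" + "00" * 12 + SPENDER + "ff" * 32
REVOKE = "0x095ea7b3" + "00" * 12 + SPENDER + "00" * 32
```

These findings are heuristics: an unlimited allowance to a known decentralized application is common, so the spender check carries most of the weight.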