Bringing Approval Phishing Scammers to Justice: How Coinbase Partnered with International Law Enforcement to Protect Thousands of Victims

Approval phishing doesn't always look like a scam. That's what makes it so effective. Victims receive what appears to be a routine pop-up or alert from a trusted app or service, asking them to "approve" a transaction. Once a victim grants that approval, the scammer gains full control of their crypto wallet. They can drain funds at will, whenever they choose, until the permission is revoked. Most victims don't even realize what's happened until their assets are gone.

To take on approval phishing at scale, our Global Intelligence team joined forces with multiple international law enforcement agencies and other partners for a focused operational sprint held at the National Crime Agency's headquarters in London. The goal was straightforward: identify victims, trace stolen funds, and disrupt the infrastructure that makes approval phishing possible — as fast as we could.

The results speak for themselves. Across the broader crypto ecosystem, over $12 million in victim funds was frozen, more than $45 million stolen in cryptocurrency fraud schemes was traced and over 20,000 victims were identified and flagged for protection. These aren't abstract numbers. They represent real people who were targeted by criminals exploiting the trust people place in the apps and services they use every day.

Here's what's often misunderstood about crypto: the blockchain makes crimes more visible, not less visible.

Every approval, every transaction, every wallet interaction is recorded onchain. That transparency is exactly what allowed us to trace the flow of funds, identify victim wallets, and connect the dots across thousands of cases in a matter of days.

With traditional financial crimes, this kind of cross-border, multi-agency coordination would take months. With blockchain technology, we moved from identification to action in a single week-long sprint.

This is what we mean when we say that crypto is bad for crime. The inherent properties of the blockchain — transparency, immutability, traceability —  make it a powerful tool for investigators. And when platforms like Coinbase work directly with law enforcement, the system becomes safer for everyone.

A few practical steps can significantly reduce your risk:

Disruptions like this sprint work best when they're sustained. Approval phishing won't disappear after a single operation — but each coordinated action raises the cost for criminals, protects more victims, and sends a clear signal: the crypto industry and law enforcement are working together, and we're not slowing down.

We're proud of the work our Global Intelligence team does alongside partners like the USSS, NCA, and OSC. And we'll keep investing in these partnerships — because protecting our customers and the broader crypto ecosystem is central to our mission.

We don't need a headline to take action. If there's a victim, we'll do what we can to help. If you think you have been a victim of such a scam please report this to your local police. If in the UK go to: https://www.reportfraud.police.uk/reporting-a-fraud/ and if in the US go to https://complaint.ic3.gov/.

Links to the United States Secret Service and National Crime Agency’s press releases on Operation Atlantic results: