Operation Atlantic: When the Secret Service Started Hunting Scammers in Real Time

The US Secret Service, UK National Crime Agency, and Canadian authorities launched a live operation to find victims before they lose everything. The first time anyone tried to outrun a crypto scam instead of writing a press release about one.

International crypto crime disruption

For the first time in the history of crypto crime, law enforcement decided to show up before the scam was finished. In March 2026, the US Secret Service, UK National Crime Agency, Ontario Provincial Police, and Ontario Securities Commission launched Operation Atlantic - a joint initiative to identify and disrupt approval phishing scams in near real time. Not after the fact. Not six months later in a DOJ press release. Right now, while the money is still moving.

Approval phishing is the scam you do not see coming. The attacker sends a fake popup or alert that looks like it comes from a trusted app or wallet. It asks you to "approve" a transaction. One click. That is all it takes. You just gave a stranger full access to your crypto wallet. Everything in it can be drained. The transactions cannot be reversed.

This is not a fringe problem. PeckShield reported that phishing-related losses exceeded $300 million in January 2026 alone. More than all the smart contract exploits in the first two months of the year combined. The attackers are not finding bugs in code. They are finding bugs in people.

Approval phishing is frequently the endpoint of pig butchering scams. The attacker builds a relationship over weeks or months - usually through dating apps, social media, or professional networking. Once trust is established, they steer the victim toward a "crypto investment opportunity." The victim connects their wallet to a site that looks legitimate. The approval transaction fires. The wallet empties. The "friend" vanishes.

Operation Atlantic's approach is different from anything tried before. Instead of investigating after victims report losses, the operation aims to identify people who have unknowingly signed malicious approvals but have not been drained yet. The agencies use on-chain monitoring, forensic tools, and shared intelligence to find these victims in real time, warn them, and help them revoke the approvals before the attackers cash out.

Brent Daniels, Deputy Assistant Director for the Secret Service, described the goal: identify and disrupt these scams in near real time, denying criminals the ability to profit. The UK's National Crime Agency called it the most coordinated international crypto disruption operation to date.

The operation builds on Project Atlas, a 2024 Canadian-led effort that proved the concept. Atlantic scales it across three countries. The RCMP, City of London Police, US Postal Inspection Service, and Texas State Securities Board are also participating.

The question is whether speed can beat the scammers. Approval phishing happens fast. Once a malicious approval is signed, the wallet can be drained in seconds. Operation Atlantic is trying to outrun a machine with a bureaucracy. It is the right idea. Whether it is fast enough remains to be seen.

What makes Operation Atlantic worth watching is the admission it represents. Law enforcement has accepted that prosecution alone cannot solve crypto scams. By the time arrests happen, the money is gone and the victims are ruined. The only way to protect people is to intervene while the scam is still in progress. That is a fundamental shift.