North Korean Hackers Blamed for $290 Million Crypto Theft from Kelp DAO


A massive cryptocurrency heist over the weekend has shaken the decentralized finance (DeFi) world. Hackers made off with more than $290 million from Kelp DAO, a protocol designed to help users earn yields on idle crypto assets. By Monday, LayerZero—a project connected to the exploit—publicly accused North Korean hackers of orchestrating the attack. This theft now stands as the largest crypto theft of 2025, surpassing a $285 million breach at crypto exchange Drift in April.

How the Kelp DAO Hack Unfolded

According to a post on X (formerly Twitter), LayerZero revealed that the hackers targeted Kelp DAO through its bridge infrastructure. The LayerZero bridge enables different blockchains to communicate and transfer instructions seamlessly. However, the attackers exploited a critical flaw in Kelp’s security configuration.

Specifically, the protocol did not require multiple verifications before approving transactions. This oversight allowed the hackers to submit fraudulent transactions and drain the funds without raising immediate alarms. In essence, a single compromised step was enough to authorize the massive transfer.
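The failure described above is a threshold problem: a receiving contract that accepts a cross-chain message on the strength of one attestation is only as secure as the weakest single verifier. The following toy receiver is an added example, not Kelp DAO or LayerZero code, and the article gives no details of the real configuration; the verifier names, keys, message fields and the HMAC stand-in for a verifier signature are all constructed. It shows the same forged message being accepted by a 1-of-3 configuration and rejected by a 2-of-3 one.

```python
# Added example (not Kelp DAO or LayerZero code): a toy receiver that
# accepts a cross-chain message only when enough independent verifiers
# have attested to it. Verifier names, keys, message fields and the
# HMAC stand-in for signatures are all constructed for illustration.
import hashlib
import hmac
from dataclasses import dataclass

# Constructed verifier keys. In a real deployment each verifier holds its
# own signing key; here a shared-secret HMAC stands in for a signature.
VERIFIER_KEYS = {
    "verifier-a": b"constructed-key-a",
    "verifier-b": b"constructed-key-b",
    "verifier-c": b"constructed-key-c",
}


@dataclass(frozen=True)
class BridgeMessage:
    src_chain: str
    dst_chain: str
    nonce: int
    payload: bytes

    def digest(self) -> bytes:
        header = f"{self.src_chain}|{self.dst_chain}|{self.nonce}|".encode()
        return hashlib.sha256(header + self.payload).digest()


def attest(verifier: str, msg: BridgeMessage) -> bytes:
    """A verifier's attestation over the message digest (HMAC stand-in)."""
    return hmac.new(VERIFIER_KEYS[verifier], msg.digest(), hashlib.sha256).digest()


@dataclass(frozen=True)
class ReceiverConfig:
    verifiers: frozenset  # verifiers the receiver trusts
    threshold: int        # how many of them must attest before a message is accepted

    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.verifiers):
            raise ValueError("threshold must be between 1 and the verifier count")


def verify_message(cfg: ReceiverConfig, msg: BridgeMessage, attestations: dict) -> bool:
    """Count valid attestations from distinct trusted verifiers."""
    valid = 0
    for name, sig in attestations.items():
        if name not in cfg.verifiers:
            continue  # attestation from an untrusted party is ignored
        if hmac.compare_digest(attest(name, msg), sig):
            valid += 1
    return valid >= cfg.threshold


def demo():
    """Same forged message against a 1-of-3 and a 2-of-3 configuration.
    Returns (accepted_by_weak_config, accepted_by_hardened_config)."""
    trusted = frozenset(VERIFIER_KEYS)
    weak = ReceiverConfig(trusted, threshold=1)
    hardened = ReceiverConfig(trusted, threshold=2)

    # Constructed scenario: a message no honest verifier would attest to,
    # carrying a single attestation (as if one verifier were compromised).
    forged = BridgeMessage("chain-x", "chain-y", nonce=7, payload=b"withdraw-all")
    attestations = {"verifier-a": attest("verifier-a", forged)}

    return (verify_message(weak, forged, attestations),
            verify_message(hardened, forged, attestations))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The design point is that the threshold lives in the receiver's configuration, so a review of that configuration (is the threshold greater than one, and are the listed verifiers operated by genuinely independent parties?) is the check a defender wants to run before trusting a bridge with large balances.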

North Korean Hackers: The Prime Suspects

LayerZero cited what it called “preliminary indicators” pointing to North Korea as the culprit. The company specifically named the TraderTraitor hacking group, which has a well-documented history of targeting crypto platforms. This group operates under the direction of Kim Jong Un’s regime and has become increasingly sophisticated in recent years.

Kelp DAO, however, did not accept the blame quietly. The protocol fired back, accusing LayerZero of negligence and suggesting that the bridge itself was the weak link. This finger-pointing highlights the growing tensions within the DeFi ecosystem when security breaches occur.

The Scale of North Korean Crypto Theft

The North Korean crypto theft problem is not new. Last year alone, hackers working for the regime stole more than $2 billion in digital assets. Since 2017, the cumulative total of stolen crypto attributed to North Korea has reached approximately $6 billion, according to industry analysts. These funds are believed to bankroll the country’s weapons programs and other state activities.

This latest heist underscores how North Korean hackers continue to refine their methods. They often exploit cross-chain bridges and DeFi protocols, which remain vulnerable due to their rapid development cycles and sometimes lax security standards.

Implications for DeFi Security

This incident serves as a stark reminder for the entire crypto industry. DeFi platforms must prioritize multi-signature verification and rigorous auditing of smart contracts. As security experts often note, even a single oversight can lead to catastrophic losses.

Moreover, the involvement of state-backed actors like TraderTraitor raises the stakes. These groups have virtually unlimited resources and patience, making them formidable adversaries for any protocol. Building on this, regulators are likely to intensify scrutiny of cross-chain bridges and decentralized exchanges.

What Kelp DAO and LayerZero Should Do Next

Both projects need to conduct transparent post-mortems and implement stronger safeguards. Kelp DAO should consider adopting threshold signatures and time-locked withdrawals. Meanwhile, LayerZero must ensure its bridge code is audited by multiple independent firms.

In addition, the broader community should push for shared threat intelligence. As best practices evolve, collaboration between protocols can help detect and prevent similar attacks in the future.

Ultimately, the $290 million heist is a wake-up call. The DeFi sector cannot afford to ignore the growing threat posed by North Korean hackers. Every protocol must treat security as a non-negotiable priority, not an afterthought.


Operation Atlantic Freezes $12 Million in Crypto Losses: How Approval Phishing Scams Were Disrupted


In a coordinated crackdown spanning three continents, law enforcement agencies from the United Kingdom, the United States, and Canada have joined forces to combat a rising tide of digital theft. The initiative, known as Operation Atlantic, has already frozen $12 million in crypto losses tied to a deceptive technique called approval phishing. This marks a significant victory in the ongoing battle against cryptocurrency fraud, which continues to drain billions from victims worldwide.

What Is Approval Phishing and How Does It Work?

Approval phishing is a sophisticated form of cybercrime where scammers trick victims into granting full access to their cryptocurrency wallets. Typically, this involves fake alerts or pop-ups that appear to come from trusted apps or services. Once the victim approves the transaction, the scammer can drain the wallet without needing passwords or private keys.

This method has become increasingly common, partly because it exploits the trust users place in legitimate platforms. According to a report from blockchain analytics firm Chainalysis, approval phishing scams netted criminals at least $1 billion between May 2021 and December 2023. The technique often incorporates romance fraud tactics, where scammers build emotional connections with victims before convincing them to sign approval transactions.
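The reason a single approved transaction is enough, with no password or private key handed over, is the token allowance pattern. The toy ledger below is an added example, not code from the article, Chainalysis or any wallet vendor; it assumes that the approvals in question follow the ERC-20 style approve/transferFrom pattern, and the addresses, balances and the UNLIMITED constant are constructed. It shows the drain after one signed approval and a simple check that flags allowances worth revoking.

```python
# Added example (not from the article, Chainalysis or any wallet vendor):
# a toy token ledger with the ERC-20-style approve/transferFrom pattern,
# which is the mechanism this example assumes "approval phishing" targets.
# Addresses, balances and the UNLIMITED constant are constructed.

UNLIMITED = 2**256 - 1  # "max uint" allowance (assumed typical request of a phishing page)


class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount the spender may move

    def approve(self, owner, spender, amount):
        # The one transaction the victim is tricked into signing. After this,
        # no further signature, password or private key from the owner is needed.
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        # Called by the spender, using only the allowance granted above.
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed:
            raise PermissionError("allowance exceeded")
        if amount > self.balances.get(owner, 0):
            raise PermissionError("insufficient balance")
        if allowed != UNLIMITED:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def risky_allowances(token, owner, trusted_spenders):
    """Flag live allowances to spenders the owner does not recognise, and
    unlimited allowances even to trusted ones."""
    flagged = []
    for (o, spender), amount in token.allowances.items():
        if o != owner or amount == 0:
            continue
        if spender not in trusted_spenders or amount == UNLIMITED:
            flagged.append((spender, amount))
    return flagged


def revoke(token, owner, spender):
    """Revocation is just an approval of zero, signed by the owner."""
    token.approve(owner, spender, 0)


def demo():
    """Constructed walk-through: the victim signs one approval for a
    scammer-controlled contract, which then drains the balance.
    Returns (victim_balance, scammer_balance, flagged_before_drain)."""
    token = Token({"victim": 1_000})
    token.approve("victim", "scam-contract", UNLIMITED)  # the phished signature
    flagged = risky_allowances(token, "victim", trusted_spenders={"dex-router"})
    token.transfer_from("scam-contract", "victim", "scam-contract", 1_000)
    return token.balances["victim"], token.balances["scam-contract"], flagged


if __name__ == "__main__":
    print(demo())  # (0, 1000, [('scam-contract', 2**256 - 1)])
```

The check in risky_allowances is the defensive habit the article's advice implies: periodically list the allowances a wallet has granted, treat any unlimited or unrecognised spender as suspect, and revoke it with a zero approval before it can be used.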

Operation Atlantic: A Global Response to Crypto Fraud

Operation Atlantic, led by the UK’s National Crime Agency (NCA) with support from the US Secret Service, Ontario Provincial Police, and Ontario Securities Commission, ran for one week last month. The operation resulted in the freezing of $12 million in crypto losses and identified an additional $33 million stolen through similar schemes.

Private sector partners, including Binance, Coinbase, Tether, and the blockchain analytics firms Elliptic, TRM Labs, and Chainalysis, played a crucial role. The NCA reported that multiple fraud networks were “disrupted” during the operation, and that over 20,000 crypto wallets linked to fraud victims across more than 30 countries were identified. Authorities also contacted 3,000 victims directly and disrupted over 120 web domains used for fraudulent schemes.

Miles Bonfield, NCA deputy director of investigations, emphasized the power of collaboration: “This intensive action has led to the safeguarding of thousands of victims in the UK and overseas, stopped criminals in their tracks, and helped save others from losing their funds.” He added, “We know that fraudsters operate globally and, together with our international partners, so will the NCA to target them wherever they are based.”

The Scale of Crypto Crime: Billions Lost Annually

The success of Operation Atlantic highlights a broader problem. According to the FBI’s Internet Crime Report 2025, cryptocurrency-related crime cost victims over $11.3 billion last year. Cryptocurrency investment fraud alone accounted for $7.2 billion in losses—the vast majority of the $8.6 billion lost to all investment scams. This makes crypto fraud the highest-earning crime category for cybercriminals, far surpassing traditional phishing, which accounted for an estimated $215 million.

Brent Daniels, assistant director for the US Secret Service’s Office of Field Operations, noted: “Operation Atlantic demonstrated the importance and need for international collaboration to stop cryptocurrency fraud. Through this operation, investigators prevented millions of dollars in fraud losses and disrupted millions more in fraudulent transactions, denying criminals the ability to prey on innocent victims.”

How to Protect Yourself from Approval Phishing

Protecting against approval phishing requires vigilance. Never approve transactions from unsolicited pop-ups or emails, even if they appear legitimate. Always verify the source by contacting the service directly through official channels. Use hardware wallets for large holdings and enable multi-factor authentication where possible.


Conclusion: A Model for Future Enforcement

Operation Atlantic serves as a powerful example of what global cooperation can achieve. By freezing $12 million in crypto losses and disrupting extensive fraud networks, the initiative has sent a clear message to cybercriminals. However, with billions still at stake, continued collaboration between law enforcement and the private sector remains essential. As the crypto landscape evolves, so too must the strategies to protect investors from exploitation.


FBI and Indonesian Authorities Dismantle $20 Million W3LL Phishing Network


Law enforcement agencies from the United States and Indonesia have successfully dismantled a sophisticated phishing network responsible for over $20 million in fraudulent activity. The operation, led by the FBI’s Atlanta field office, targeted the W3LL phishing operation, a criminal enterprise that provided cybercriminals with a complete toolkit for stealing credentials and launching business email compromise (BEC) attacks.

How the W3LL Phishing Operation Worked

The W3LL phishing kit allowed attackers to create convincing fake login pages, tricking victims into surrendering their usernames and passwords. For a fee of just $500, anyone could purchase access to this malicious software. According to investigators, the kit was sold exclusively through the ‘W3LL Store,’ a members-only online marketplace that operated between 2019 and 2023.

This marketplace was not your typical underground bazaar. It functioned as a complete phishing ecosystem, offering a range of compatible tools that covered nearly every stage of a BEC attack. As a result, even cybercriminals with limited technical skills could launch highly effective campaigns. The FBI estimates that the W3LL Store facilitated the sale of more than 25,000 compromised accounts before it was shut down.

International Law Enforcement Action

The FBI seized the w3ll.store domain and identified the alleged developer, who is publicly referred to only as ‘G.L.’ Indonesian authorities played a critical role in the takedown, highlighting the global nature of modern cybercrime. The operation was first reported by Fox 5 Atlanta, which noted that the phishing activities continued even after the marketplace closed, moving to encrypted messaging apps between 2023 and 2025.

During this period, the W3LL phishing operation may have targeted over 17,000 victims worldwide. The FBI’s action sends a clear message: international cooperation is essential in disrupting these criminal networks.

Group-IB’s Discovery and Analysis

Cybersecurity firm Group-IB first uncovered the W3LL phishing operation in 2023. In a detailed report published that September, researchers traced the threat actor’s activities back to at least 2017. Initially, the actor sold a custom tool called the W3LL SMTP Sender for sending spam emails. Over time, they expanded their offerings to include a phishing kit specifically targeting Microsoft 365 accounts, which eventually led to the creation of the W3LL Store.

At the time of Group-IB’s report, the marketplace boasted over 500 active users and more than 12,000 items for sale. Researchers estimated that the W3LL Store generated approximately $500,000 for the actor over a 10-month period. Additionally, the phishing kit was linked to 850 phishing sites during that same timeframe.

What Made W3LL Different from Other Phishing Kits

Group-IB noted that the W3LL ecosystem stood out because it was not just a marketplace but a complete, integrated toolset. This approach streamlined the BEC attack chain, making it accessible to cybercriminals of all skill levels. The tools were fully compatible, allowing attackers to move seamlessly from sending phishing emails to harvesting credentials and executing fraud.

This level of sophistication is a growing concern for cybersecurity professionals. As phishing operations become more professional, businesses must invest in robust security awareness training and advanced threat detection systems.

Lessons for Businesses and Individuals

The takedown of the W3LL phishing operation is a significant victory, but it also serves as a stark reminder. Phishing remains one of the most common and effective attack vectors. Organizations should implement multi-factor authentication (MFA) and regularly educate employees about recognizing suspicious emails. For individuals, caution is key: never click on links in unsolicited messages, and always verify the authenticity of login pages.

Building on this, the case highlights the importance of threat intelligence sharing between private firms and law enforcement. Group-IB’s research was instrumental in understanding the scale of the operation, and the FBI’s swift action prevented further damage.

In conclusion, the dismantling of the W3LL network shows that cybercriminals are not invincible. However, the fight against such threats requires constant vigilance, international cooperation, and a proactive approach to cybersecurity.


Palantir CEO Alex Karp Posts Anti-Inclusivity Manifesto Attacking ‘Regressive’ Cultures


Palantir Technologies, the data analytics firm known for its work with U.S. immigration enforcement, has published a controversial 22-point manifesto that denounces inclusivity and what it calls “regressive” cultures. The document, posted on the company’s website, is a summary of CEO Alex Karp’s book “The Technological Republic” and has ignited fresh debate about the political leanings of Silicon Valley’s defense contractors.

Written by Karp and Palantir’s head of corporate affairs, Nicholas Zamiska, the manifesto argues that Silicon Valley owes a “moral debt” to the United States and warns that “free email is not enough” to justify the industry’s success. The post, which the company says it published “because we get asked a lot,” goes beyond typical corporate messaging to attack pluralism, critique post-war Germany and Japan, and advocate for AI-powered military deterrence.

What Does the Palantir Anti-Inclusivity Manifesto Say?

The manifesto takes direct aim at what it describes as “the shallow temptation of a vacant and hollow pluralism.” In Palantir’s view, a blind commitment to inclusivity ignores the fact that some cultures have produced great achievements while others have proven “middling, and worse, regressive and harmful.” This line has drawn particular criticism from observers who see it as an attack on democratic values.

Building on this theme, the document also criticizes the “postwar neutering of Germany and Japan,” arguing that the “defanging of Germany was an overcorrection for which Europe is now paying a heavy price.” It similarly warns that a “highly theatrical commitment to Japanese pacifism” could “threaten to shift the balance of power in Asia.” These statements reflect Karp’s long-standing belief that Western nations must adopt a more assertive global posture.

AI Weapons and the New Deterrence Era

Another key section of the manifesto focuses on artificial intelligence and national security. “The question is not whether A.I. weapons will be built; it is who will build them and for what purpose,” Palantir states. The company argues that adversaries “will not pause to indulge in theatrical debates about the merits of developing technologies with critical military and national security applications.”

This stance aligns with Palantir’s business model, which relies heavily on contracts with defense, intelligence, and immigration agencies. The company suggests that “the atomic age is ending” and that “a new era of deterrence built on A.I. is set to begin.” Critics, however, see this as a self-serving justification for expanding surveillance capabilities.

Reactions to Palantir’s Political Statement

Eli Higgins, CEO of the investigative website Bellingcat, offered a pointed response on social media, calling the manifesto “extremely normal and fine for a company to put this in a public statement.” His sarcasm underscored the unusual nature of a major corporation publishing such an overtly ideological document.

Higgins further argued that the manifesto is not simply a “defense of the West” but an attack on “key pillars of democracy that need rebuilding: verification, deliberation, and accountability.” He noted that Palantir’s revenue depends on the very politics it advocates, saying, “These 22 points aren’t philosophy floating in space, they’re the public ideology of a company whose revenue depends on the politics it’s advocating.”

Context: Palantir’s Role in Immigration Enforcement

The Palantir anti-inclusivity manifesto arrives at a time when the company faces increased scrutiny over its work with U.S. Immigration and Customs Enforcement (ICE). Congressional Democrats recently sent a letter to ICE and the Department of Homeland Security demanding more information about how Palantir’s tools are being used in the Trump administration’s aggressive deportation strategy.

Palantir has positioned itself as a defender of “the West” and a key player in national security, but critics argue that its technology enables human rights abuses. The company’s ideological bent has become a flashpoint in broader debates about the role of tech firms in government surveillance and military operations.


What This Means for Silicon Valley

Palantir’s manifesto suggests that the company sees itself as a moral actor, not just a service provider. It criticizes a culture that “almost snickers at [Elon] Musk’s interest in grand narrative” and calls for Silicon Valley to acknowledge its debt to the nation. However, many in the tech industry view this as a thinly veiled attempt to normalize far-right political positions.

As the debate over AI, immigration, and national security intensifies, Palantir’s willingness to publish such a document signals that the company is doubling down on its ideological identity. Whether this strategy will alienate customers or attract new ones remains to be seen. For now, the manifesto has succeeded in one thing: generating conversation about what a tech company should stand for.

