Law enforcement agencies in the United States, the United Kingdom, and Canada have opened a coordinated campaign against organized cryptocurrency fraud with the launch of Operation Atlantic. The initiative targets approval-phishing and investment scams, including pig butchering, through a cross-border model built on disruption, tracing, and victim intervention.

Officials said the operation expands earlier multinational efforts and is designed to identify compromised wallets more quickly, warn potential victims before funds are drained, and pursue recovery of stolen assets through coordinated investigative action. The strategy reflects a shift from reactive casework toward real-time intervention against fraud networks operating across multiple jurisdictions.

International law enforcement operation seeks to disrupt crypto fraud: https://t.co/PdBaLuvYkd

This week, law enforcement agencies from the United States, United Kingdom and Canada are conducting Operation Atlantic, a joint international law enforcement initiative focused on… pic.twitter.com/voS59PLZE8

— OSC News (@OSC_News) March 16, 2026

A Cross-Border Enforcement Model Focused on Speed

Operation Atlantic brings together investigators, prosecutors, and market regulators in a synchronized framework that shares intelligence and conducts actions across borders at the same time. The coalition includes the U.S. Secret Service, the U.S. Attorney’s Office for the District of Columbia, the UK’s National Crime Agency and City of London Police, the UK’s Financial Conduct Authority, Canada’s Ontario Provincial Police, the Royal Canadian Mounted Police, and the Ontario Securities Commission.

Authorities said the operation is centered on three immediate objectives: identifying live scam activity, reaching victims before additional losses occur, and tracing funds on-chain in order to support recovery and enforcement. The campaign is structured to interrupt fraudulent approval flows before criminals can fully exploit them.

The Scale of the Fraud Problem Is Driving the Response

Officials framed the launch against a backdrop of large and persistent losses in crypto-related fraud. They estimate that approval-phishing alone drained about $2.7 billion between May 2021 and July 2024, while on-chain scam revenue for 2025 has been placed at roughly $14 billion with projections rising toward $17 billion as more illicit wallets are identified.

The operation also builds on earlier enforcement and intelligence models that produced measurable results. Authorities pointed to Canada’s 2024 Project Atlas, which identified more than 2,000 compromised wallets, disrupted an estimated $70 million in potential fraud, and froze about $24 million, as well as Chainalysis’ 2024 Operation Spincaster, which generated more than 7,000 investigative leads tied to roughly $162 million in approval-phishing losses.

Operation Atlantic uses a multi-layered approach that combines automated detection of approval-phishing patterns, coordinated takedowns of fraudulent web infrastructure, and direct outreach to victims by phone and email. Officials also emphasized the role of private-sector intelligence partners in mapping transaction flows and accelerating the seizure or recovery of illicit proceeds.

Authorities said the campaign is specifically focused on the industrialized nature of modern scam activity, including phishing-as-a-service operations that scale social engineering and automate wallet permission abuse. By moving before permissioned transfers fully settle, the operation aims to cut into the timing advantage that criminals use to fragment and obscure stolen funds across chains.

The launch of Operation Atlantic is likely to bring more law enforcement requests, faster domain takedowns, and broader sharing of indicators of compromise across the digital-asset sector.

Authorities said they intend to extend the Project Atlas model into more jurisdictions and improve real-time detection of approval anomalies. The practical impact will be measured in faster incident response, more aggressive disruption of deceptive interfaces, and, if the model works as intended, fewer successful approval-phishing attacks.