Unmasking the $4.3 million fraud scheme using 'Approval Phishing' on Ethereum

In a large-scale collaborative operation between the U.S. Secret Service and Canadian law enforcement agencies, a sophisticated fraud scheme targeting Ethereum wallet users was uncovered and intervened in time, preventing estimated damages of up to $4.3 million. This is one of the latest incidents that illustrate the potential dangers of the 'Approval Phishing' scam in the crypto world – an increasingly common attack that inflicts severe damage.

What is Approval Phishing? Why is it dangerous?

Approval Phishing is a form of attack that #Hacker deceives users into signing transactions that allow hackers to withdraw assets from the victim's wallet. The danger is that this transaction appears to be a legitimate action, and users do not realize they are granting 'full' access rights to the fraudster.

This trick is often disguised in fake romance scams ('pig butchering'), fraudulent airdrops, or platforms impersonating reputable wallets/DeFi/NFT. Once users sign, hackers can quietly withdraw tokens at any time, even without further confirmation.

Operation Avalanche: The multinational crackdown

The campaign named Avalanche (not related to the Avalanche network or token $AVAX ), was carried out by:

• U.S. Secret Service

  
  

  
  

• British Columbia Securities Commission (BCSC)

  
  

  
  

• Provincial Police of Ontario and Alberta

  
  

  
  

• Québec Financial Markets Authority (AMF)

  
  

  
  

• Ontario Securities Commission (OSC)

  
  

  
  

• Delta City Police, Vancouver

  
  

  
  

• Royal Canadian Mounted Police (RCMP)

  
  

  
  

• An anonymous crypto exchange

  
  

  
  

• A third-party blockchain analytics company

  
  

  
  

The campaign not only targeted victims who had lost money but also proactively contacted wallets that had been granted unauthorized access – even if they had not yet been robbed. This is an important step to help prevent damage before it occurs.

Secret Service speaks out

Matt McCool, special agent in charge of the Washington Office of the U.S. Secret Service, stated:

"We will continue to cooperate with Canadian authorities and financial partners to identify, seize stolen assets, and return them to victims."

He emphasized the organization’s long-term commitment to protecting crypto users while raising awareness about sophisticated attack methods such as #approvalphishing .

Not the first incident

The Secret Service has also recently participated in large-scale anti-crypto fraud campaigns. The most recent was the crackdown on the Garantex exchange (believed to be linked to hacker groups and sanctioned banks in Russia). This shows that law enforcement agencies are accelerating investigations and crackdowns on blockchain crime.

Billions of dollars have been stolen – and the number is still rising

According to statistics from blockchain analytics company Chainalysis, from May 2021 to July 2024, a total of $2.7 billion has been stolen through approval phishing incidents. This figure does not include unreported cases – which are believed to be very common, as many victims are unaware they have been scammed or do not dare to report it.

A typical example is the $120 million BadgerDAO hack in 2021 – where hackers deceived organizations into approving malicious contracts. However, most victims are wealthy individuals, especially those who own NFTs or high-value tokens, which are easy targets for sophisticated scam campaigns.

In fact, a famous NFT collector once lost nearly $2 million due to the 'ice phishing' scam – a variant of approval phishing, in which the malicious contract is disguised as a legitimate transaction.

A lesson for crypto users – caution is never enough

The incident is a wake-up call for the crypto community – especially for those using decentralized wallets (DeFi). Here are some important principles to avoid approval phishing:

• Do not sign transactions if you do not fully understand the content.
  
  Most attacks rely on ignorance or negligence on the part of the user.

  
  

  
  

• Use access approval checking tools.
  
  There are many websites and extensions that allow you to check and revoke access rights of previously granted contracts.

  
  

• Do not click on suspicious links, even from 'friends'.
  
  Many phishing incidents stem from an account being hacked and sending malicious links to friends.

  
  

  
  

• Ask questions when you are 'proposed' to invest or airdrop.
  
  Enticing offers often come with dangerous traps.

  
  

  
  

Contact Binance users and the crypto market

Although the incident did not occur on the Binance platform, it serves as an important reminder for all users operating within the crypto ecosystem, including Binance users.

Most approval phishing attacks occur outside exchanges, in Web3 wallet environments like MetaMask, Phantom, or NFT interaction platforms. Therefore, whether using Binance or any other major platform, users still need to protect themselves when connecting wallets to unknown websites or projects.

Binance and many large exchanges now have phishing alert features and multi-layered security systems, but the ultimate responsibility still lies with users to carefully check transactions and secure their private keys.

Conclusion

The successful crackdown by the Secret Service and Canada shows the global will to combat blockchain crime, while affirming that regardless of technological advancements, human factors and awareness remain the first line of defense.

The on-chain world is full of potential but also full of traps. Don't let carelessness make you the next victim.

⚠️ Risk Warning:

Investing and trading cryptocurrencies always carry high risks. Users should be well-informed, cautious with decentralized wallet transactions, and absolutely do not sign transactions they do not fully understand. Crypto is not for everyone – research thoroughly before participating.#anhbacong