Binance says it helped support a UK-led international enforcement effort targeting approval phishing scams, one of the most damaging fraud models now hitting crypto users. In a new release, the exchange said it took part in Operation Atlantic, an operation led by the UK’s National Crime Agency alongside the U.S. Secret Service, Ontario Provincial Police and Ontario Securities Commission. Binance said the week-long effort identified more than 20,000 victims across the UK, Canada and the United States, with more than $12 million in suspected criminal proceeds frozen.
The stronger angle here is not simply that Binance cooperated with law enforcement. It is that the operation focused on a fast-growing scam method that targets how people interact with their own wallets, not just centralized exchange accounts. That makes this a market infrastructure and user-safety story as much as a law-enforcement headline.
Operation Atlantic targeted one of crypto’s most damaging scam models
According to the NCA, Operation Atlantic is an ongoing initiative designed to identify and contact people who may have been affected by cryptoasset fraud, especially approval phishing. The agency says this scam works by tricking victims into approving access to their crypto wallets through fake websites, apps or pop-ups that appear legitimate. Once the approval is granted, the scammer can move the victim’s assets out of the wallet.
Binance’s release places that fraud model inside a broader investment scam pattern. The company says approval phishing is often used in fake investment schemes, including “pig butchering”-style scams, where victims are manipulated into sending larger and larger sums over time. That matters because it shows the fraud is not just technical. It is also psychological and often sustained over weeks or months.
Binance’s role was intelligence, screening and victim identification
Binance says its Special Investigations team was deployed on-site at the NCA’s London headquarters during the operation. The company says its staff provided live account screening, proactive scam intelligence and rapid victim identification support to help investigators reach people who had already lost funds or were still at risk.
The exchange also says it supplied actionable intelligence on suspected bad actors and conducted research that identified scam websites that were still actively defrauding victims while the operation was underway. That is important because it suggests the effort was not limited to tracing past losses. It also aimed to interrupt scams that were still running in real time.
Binance says the frozen funds were not on its platform
One detail in the release is especially worth noting. Binance says no funds were seized or frozen from Binance accounts, because the criminal proceeds targeted by the operation were being held outside the Binance platform. That helps narrow what the company is claiming here: this was intelligence and investigative support, not a case where Binance froze the proceeds directly on its own exchange.
The NCA is using this as a warning to wallet users
The NCA’s own Operation Atlantic page makes clear that law enforcement sees approval phishing as a consumer protection problem as well as a criminal investigation problem. The agency says it is working with virtual asset service providers in the UK to contact potential victims by phone and email, explain the risks and tell them what steps can be taken to prevent more losses.
The agency also gives unusually practical advice: act quickly, be wary of unsolicited investment approaches, check URLs carefully before approving transactions, use multi-factor authentication, and regularly review wallet approvals through tools such as Revoke.cash and Etherscan. That is a sign this campaign is not only about arrests or seizures. It is also about changing user behavior in a part of crypto where a single mistaken approval can empty a wallet.
Why this matters now
This case underlines a broader shift in crypto crime. Some of the most serious attacks no longer depend on hacking exchanges or stealing private keys directly. Instead, criminals are exploiting wallet permission systems and using social engineering to get users to authorize the theft themselves. That makes these scams harder to stop with simple custodial security alone. This is an analytical conclusion based on the scam method described by Binance and the NCA.
It also shows how enforcement is changing. Operation Atlantic was not framed as a single-jurisdiction takedown. It was a multi-country effort combining law enforcement, regulators and private sector crypto investigators. For the industry, that suggests anti-fraud operations are becoming more coordinated and more data-driven, especially where victim tracing and wallet intelligence are involved. This is an inference based on the structure of the operation described in the sources.
Why it matters for crypto
- It shows approval phishing is now one of the clearest live risk areas for everyday crypto users, especially those using self-custody wallets.
- It highlights that some of the most effective crypto enforcement now depends on cooperation between exchanges, investigators and regulators across borders.
- It reinforces that wallet security is not only about private keys, but also about understanding what permissions users are granting onchain.
- It also suggests major exchanges increasingly want to present themselves as investigative partners in anti-fraud operations, not only trading venues. This is an analytical inference based on Binance’s role and framing.
What to watch next
- Whether the NCA and its partners publish more detail on the networks, wallets or scam infrastructure tied to Operation Atlantic.
- Whether more exchanges begin actively scanning for approval phishing exposure and contacting at-risk users before funds are drained. This is an inference based on Binance’s stated role in victim identification.
- Whether wallet tools that surface and revoke dangerous approvals become more standard across the industry after cases like this. This is an inference based on the NCA’s user guidance.
- Whether approval phishing gets treated by regulators and exchanges as a top-tier fraud category rather than a niche self-custody issue. This is an analytical inference from the scale of the operation and the number of victims cited.