惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Heimdal Security Blog
S
Security @ Cisco Blogs
N
News | PayPal Newsroom
J
Java Code Geeks
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
V
V2EX
WordPress大学
WordPress大学
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
AI
AI
小众软件
小众软件
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
S
Schneier on Security
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
B
Blog RSS Feed
Forbes - Security
Forbes - Security
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
Jina AI
Jina AI
Cisco Talos Blog
Cisco Talos Blog
U
Unit 42
Project Zero
Project Zero
H
Hacker News: Front Page
Y
Y Combinator Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The Cloudflare Blog
大猫的无限游戏
大猫的无限游戏
S
Secure Thoughts
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog

Chainalysis

OFAC Sanctions Iran Central Bank Crypto Wallets, Freezing $131M in Stablecoins - Chainalysis “Stern” Ransomware Operator Sanctioned by EU Chainalysis Supports Stable with Automatic Token Support - Chainalysis Daubert Standard: How Chainalysis Reactor Met the Bar Breadth, Depth, And Quality: Comparing Blockchain Analytics Vendors OFAC Sanctions 100+ ISIS-K Crypto Addresses Chainalysis Supports Robinhood Chain with Automatic Token Support An Ontology for Accountability: Defining What Data Quality Means in Blockchain Analytics - Chainalysis 10 Questions to Ask Your Blockchain Analytics Provider Sandwich Attack: How JaredfromSubway Lost $7.5M - Chainalysis OFAC Sanctions ISIS Financial Facilitators Brazil's Crypto Crime Challenge: How Global Money Laundering Networks Target Latin America's Largest Market Brazil's Crypto Crime Challenge: How Global Money Laundering Networks Target Latin America's Largest Market Pre- and Post-Designation Sanctions Screening Ghana and the UK Recovered $15 Million via Blockchain Global Law Enforcement Dismantles ‘AudiA6’ Crypto Laundering Network Linked to Ransomware Gangs Chainalysis and the Korean National Police Agency (KNPA) Sign MoU to Strengthen Virtual Asset Investigation Capabilities 체이널리시스와 대한민국 경찰청(KNPA), 디지털 자산 수사 역량 강화를 위한 양해각서(MoU) 체결 The Hidden Code Problem: How Unverified Smart Contracts Are Becoming a Preferred Target for Attackers The $100 Million Crypto “Looksmaxxing” Boom: How Chinese Cartel Suppliers Pivoted to the Gray-Market Peptide Ecosystem Agentic Payments Cross the Threshold: Inside x402’s Path to Meaningful Adoption OFAC Sanctions Nobitex and Major Iranian Cryptocurrency Exchanges in Sweeping Evasion Crackdown The New Compliance Floor: Organizations are Adopting Stronger Than Ever Monitoring Practices U.K. Sanctions 18 Entities and Persons for Evading Russian Trade Blockades OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses OFAC Sanctions Sinaloa Cartel Fentanyl Trafficking and Crypto Laundering Network How Blockchain Intelligence Uncovered a Million-Euro Bitcoin Ordinals Tax Fraud Scheme Crypto Prediction Markets Explained: How the Blockchain Is Reshaping Forecasting Where to Build: A Data-Driven Guide to Blockchain Infrastructure for TradFi Tokenization Australia’s Crypto Crossroads: Regulation is Here, Now Comes the Hard Part OFAC Updates Central Bank of Iran Designation Following Record $344 Million Tether Seizure amid Strait of Hormuz Toll Controversy U.S. Government Unveils Sweeping Enforcement Actions Against Southeast Asian Scam Centers and Crypto Fraud Networks EU’s 20th Russia Sanctions Package Signals a New Era of Crypto-Specific Enforcement Inside the KelpDAO Bridge Exploit: How ~$292 Million in rsETH Was Released Against a Non-Existent Burn $30 Billion and Counting: How Tokenized RWAs Are Becoming a Mainstream Investment for Institutional Capital Sanctioned Russia-Linked Exchange Grinex Suspends Operations Following Alleged Cyberattack Iran’s Strait of Hormuz Crypto Toll: An Evolution of Tehran’s Expanding Use of Digital Assets Operation Atlantic: How Public-Private Collaboration Is Freezing Millions in Crypto Scam Proceeds The Drift Protocol Hack: How Privileged Access Led to a $285 Million Loss The $100 Trillion Wealth Shift: Stablecoin Utility and the Future of Payments Chainalysis Links NYC 2026: AI Amplification, TradFi Convergence, and the Power of Networked Intelligence Chainalysis、初のブロックチェーン・インテリジェンス・エージェントを発表 Chainalysis Introduces the First Blockchain Intelligence Agents From the Battlefield to the Blockchain: How Cryptocurrency Is Helping Finance the Drone Revolution Chainalysis Supports Tempo with Automatic Token Coverage 英国政府が Xinbi を制裁:中国語圏の暗号資産詐欺を支えるインフラの中核を指定
What Is Approval Phishing? Detect & Disrupt Crypto Scams at Scale
Chainalysis Team · 2026-06-17 · via Chainalysis

Chain of Thought is our new expert-hosted webinar series, taking you behind the scenes of real investigations, emerging typologies and the crypto crime trends our experts are seeing first-hand. The first session, Inside an Investment Scam Operation, brought Chainalysis investigators Seth DuBois and Renato Bastos in front of a live audience to walk through an active approval phishing operation — from the social engineering playbook that primes the victim, to the on-chain infrastructure that drains the wallet. Here’s what went down.

Setting the stage, the duo presented the numbers behind the typology – and they are stark. Chainalysis research showed that on-chain scams pulled in at least $14 billion in 2025, likely rising to $17 billion as more illicit addresses are attributed. The average payment to a single scam address rose 253% year on year. Scams augmented by AI were 4.5 times more profitable than those without.

Investment scams remained the dominant category, and approval phishing is how some of them play out on-chain. “The reality is, one case is never just one. Scammers reuse the same wallets, legitimate approval features from contracts and cash-out routes across victims, which means each report exposes a wider network”, says Renato, who has witnessed this trend across several cases he’s investigated.

What is approval phishing?

Approval phishing tricks a victim into giving a malicious actor access to their wallet. It can take the form of an innocuous-seeming transaction. The victim falsely believes that clicking “approve” will only initiate a minor task, like making a trade or moving some funds. But hidden inside are far more serious implications. The scammer gets the approval they need to drain all of the funds.

A complex social engineering operation often precedes this strike, and our investigators say the human signs are consistent. Each is a red flag for compliance professionals to intervene before the technical attack occurs:

  • Coached answers: Victims repeat generic, rehearsed lines (“personal use”, “value storage”) but cannot describe the investment details themselves.
  • Security stripping: Victims are guided off regulated exchanges and into self-custody, with the exchange account used only as a pass-through.
  • “Mentor” dependency and urgency: A supposed advisor directs every step, demanding real-time screenshots and fast execution to maintain control.
  • Out-of-character liquidity: Sudden large wires to crypto venues from customers with no prior digital asset activity.

Zoom back to the moment of approval. Renato walks through what exactly happens here: “The scammer can now drain the victim’s wallet whenever they please. They might move instantaneously or lurk until an ideal moment, like right after the victim deposits fresh funds from their exchange. No matter the timing, the scammer rushes the stolen crypto through a series of wallets, across bridges, and into exchanges for cash out.” He also highlights an important reminder: these blockchain transactions are inherently irreversible, but the damage doesn’t have to be.

How Chainalysis is tracking approval phishing

While scammers often tailor their tactics to individuals, they tend to move many victims’ funds through the same wallets. Tracing their activity is therefore easy with data platforms like Chainalysis DS. “Because the criminals reuse infrastructure, the typology becomes a query you can automate”, says Seth, recounting his experience in leading investigations into approval phishing.

Chainalysis has been tracking approval phishing rings for years. In 2024, we launched a pioneering initiative, Operation Spincaster, that aimed to bring together law enforcement and the private sector from six countries to disrupt and prevent approval phishing scams. Over 7000 leads processed during the several sprints helped investigators crack down on $162 million USD in losses, and even warned one would-be victim of their targeting. With the help of law enforcement they revoked the scammer’s approval before losing six figures in crypto. Follow-on actions like Operation DeCloak in the 100,000-person city of Delta, Canada, led to the freezing, seizing and return of approval phishing victim funds.

Operation Atlantic led by the UK’s National Crime Agency, the US Secret Service, the Ontario Provincial Police and the Ontario Securities Commission, with support from Chainalysis, identified more than 20,000 victims across Britain, Canada and the United States. The operation froze over $12M in suspected criminal proceeds and traced a further $45M to stolen crypto to related schemes. Officials used our on-chain data to identify at-risk wallets and disrupt the social engineering chain before scammers could strike.

How you can disrupt approval phishing

The same patterns that make approval phishing effective also make it catchable. Scammers route stolen crypto through the same consolidation wallets, reuse the same spender contracts, and cash out at the same exchange deposit addresses. That reused infrastructure is a vulnerability, and it’s the basis for turning ad hoc investigations into a standing capability.

Seth and Renato highlight four shifts that make the difference:

  1. Move detection upstream. Wire the approval phishing typology into your monitoring, so exposure surfaces automatically rather than waiting on a victim’s report. Map full phishing infrastructure, not only isolated cases. The Approval Phishing Scams dashboard in Chainalysis DS is built for this.
  2. Pivot faster on leads. Use on-chain intelligence to confirm exposure and scope a cluster quickly. When the address spending the funds isn’t the address that owns them, something could be wrong. By flagging this and cross-referencing it against known drain-destination wallets, compliance teams can freeze phishing-related funds before they leave the platform, or stop their own users from sending funds to addresses that have approved risky spenders, preventing potential and additional losses.
  3. Plug into the disruption network. Crypto-to-bank coordination is where this typology is most disruptable. Disrupting one operator prevents thousands of future victims. In the U.S., 314(b) information-sharing rules let banks and exchanges follow the money from fiat to crypto, acting before it’s too late.
  4. Build capability in-house. Train investigators, fraud prevention and compliance teams on the typology, and develop playbooks tailored to your operating environment, so the expertise compounds with each case and detection becomes repeatable.

Seth also ran through an approval phishing checklist that our webinar audiences could use with their retail customers: “For anyone holding crypto, practice common-sense security. Check the URL before connecting your wallet. Download apps from official stores, not from links in a group chat. And if someone you’ve never met is walking you through a transaction with urgency, take a pause. It may well be a scam”.

From signal to standing capability

Approval phishing operations are methodical, patient and increasingly automated. So is the response. Because criminals reuse the same wallets, legitimate approval features from contracts and cash-out routes across victims, one identified case exposes a wider network — and that network is fully queryable on-chain.

Operations Spincaster and Atlantic show what coordinated action achieves when on-chain intelligence reaches investigators in time. Turning that into a standing capability means moving detection upstream, pivoting faster on leads, plugging into the disruption network, and building the expertise in-house. Chainalysis supports each of those shifts. To discuss how, talk to our experts.

And to see how the experts dissect these cases to find victims and scale detection, watch the Chain of Thought session — Inside an Investment Scam Operation. To be notified about future Chain of Thought events, register your interest here.

This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein. 

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.

Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.