Chainalysis in Action

Operation Spincaster lands in Delta: Local police equipped to trace and freeze millions from scam wallet

In 2024, scams with a crypto nexus surged, becoming one of the most lucrative areas of illicit activity year to date and earning billions of dollars in cryptocurrency. Now more than ever, law enforcement must be equipped with the knowledge and skills to combat this growing crime. Contrary to the belief that only large national agencies or elite cybercrime units handle these investigations, crypto crime impacts communities of all sizes worldwide. With the right training and resources, local agencies can respond just as effectively.

A few months ago, we announced our pioneering initiative Operation Spincaster, aimed at disrupting and preventing scams through public-private sector collaboration and blockchain intelligence. We have seen great successes on a national level, with concurrent operations across six countries.

Today, we’re proud to share that Operation Spincaster has successfully landed in Delta, Canada, a city with just over 100,000 in population. Chainalysis hosted a localized sprint named Operation DeCloak, in collaboration with the Delta Police Department over two days in September 2024. The sprint brought together seven law enforcement agencies (LEAs) and two cryptocurrency exchanges, including the Royal Canadian Mounted Police (RCMP), Victoria Police, the British Columbia Securities Commission (BCSC), the British Columbia Financial Services Authority (BCFSA), the British Columbia Prosecution Service, the Vancouver Police Department, Shakepay, and others. This is the second Operation Spincaster sprint in Canada, reflecting the nation’s proactive approach towards combating scams.

Thanks to the transparency of the blockchain, we gathered intelligence from the Chainalysis data platform and disseminated nearly 100 leads to investigate scams that leveraged approval phishing – a tactic whereby scammers trick users into signing a malicious blockchain transaction that gives the scammer’s address approval to spend funds held in a victim’s wallet. We also conducted training sessions to investigate these leads, traced stolen funds, and identified additional compromised wallets using Chainalysis Crypto Investigations solutions. 

The outcomes are remarkable. Investigators identified over 1,100 victims of cryptocurrency scams, including a significant number of potential Canadian victims. During the operation, 240 crypto addresses were closely examined, revealing an estimated collective loss of over US $25 million. The participating LEAs and cryptocurrency exchanges are working closely to notify identified victims, prevent additional harm, and further investigate and seize the stolen funds. Attendees also participated in dialogues on disruption policies and strategies to combat illicit on-chain activity.

Additionally, following the hands-on training provided during the sprint, participating LEAs were able to apply new techniques to a previous investigation, which identified new stolen cryptocurrency funds in a blacklisted address containing $1.2 million USD. This address was in the process of being seized by an overseas LEA. The Delta Police Department Cybercrime Unit also identified an additional 70 transactions with a value of $800K USD sent from Canadian exchanges. The exchanges are notifying victims and are working to seize and return the funds to them.

Staff Sergeant Jill Long, who oversees the Cybercrime Team at the Delta Police Department, shared, “The Delta Police Department is deeply grateful for the training and collaboration provided by our private industry partners, including Chainalysis, during this operation. Their expertise and innovative tools were instrumental in identifying victims, tracking stolen funds, and disrupting international cryptocurrency fraud schemes. The knowledge and skills gained through this partnership will undoubtedly enhance our ability to combat future fraud and protect Deltans, as well as other Canadians, from these complex crimes. Together, we are setting a strong precedent for tackling illicit activity and safeguarding our communities.”

Paolo Ardoino, CEO of Tether, who played a role in freezing funds associated with scams discovered in the sprint, said, “The success of Operation Spincaster is a powerful example of how blockchain technology, combined with public-private collaboration, can make a tangible difference in combating illicit activities. At Tether, we’ve long advocated for transparency and accountability within the cryptocurrency ecosystem, and we are proud to see initiatives like these equipping local law enforcement with the tools and training they need to protect their communities. By leveraging the transparency of blockchain technology, we can not only trace and freeze stolen funds but also send a strong message that crypto can be a force for good. These efforts are crucial in ensuring that digital assets remain a safe and trusted tool for innovation and financial empowerment worldwide.”

The interplay of public-private sector collaboration and blockchain intelligence 

The success of Operation DeCloak was made possible by two key factors: (1) collaboration between the public and private sectors and (2) the use of advanced blockchain intelligence solutions.

Scams are often difficult to investigate and track because they involve both on- and off-chain activity and are highly underreported. However, the inherent transparency of the blockchain, coupled with advanced blockchain analytics solutions, empowers investigators to recognize and disrupt complex patterns, especially since approval phishing scams generally share the following characteristics:

  • Victims are typically instructed by scammers to set up their own self-custodial wallet
  • Victims purchase crypto at centralized exchanges (CEXs) in Canada, and then send these funds to a self-custody wallet
  • Scammers make payments to victims, enticing them to add funds into their self-custodial wallets
  • Scammers then entice victims to send crypto to destination addresses, thereby draining the victim’s wallet/funds
  • The scammer consolidates drained crypto from many different victims

Funds from scams are typically moved from consolidation addresses to cash out points — primarily CEXs — as we see on the graph below.

Based on these patterns, CEX compliance teams can proactively monitor for suspected approval phishing consolidation wallets with heavy exposure to known destination addresses. They can then see, in real time, when those wallets move funds to their platform, and can automatically freeze the funds and/or report the transactions in question to law enforcement.
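The monitoring rule described above can be sketched as follows. This is an added example, not Chainalysis code or any exchange's production logic; the address labels, transfer records, and the `min_share` / `min_sources` thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: placeholder labels stand in for real addresses.
KNOWN_DESTINATIONS = {"dest_1", "dest_2", "dest_3"}  # already tied to approval phishing drains
EXCHANGE_DEPOSITS = {"cex_dep_A", "cex_dep_B"}       # deposit addresses on our own platform

TRANSFERS = [  # (sender, receiver, amount in USD equivalent)
    ("dest_1", "wallet_X", 40_000),
    ("dest_2", "wallet_X", 55_000),
    ("dest_3", "wallet_X", 30_000),
    ("other_1", "wallet_X", 5_000),
    ("dest_1", "wallet_Y", 2_000),
    ("other_2", "wallet_Y", 98_000),
    ("wallet_X", "cex_dep_A", 120_000),
    ("wallet_Y", "cex_dep_B", 90_000),
    ("other_3", "cex_dep_A", 10_000),
]

def exposure(transfers, known):
    """Per receiving wallet: (share of inflow value from known destinations, distinct known senders)."""
    total, tainted, sources = defaultdict(float), defaultdict(float), defaultdict(set)
    for sender, receiver, amount in transfers:
        total[receiver] += amount
        if sender in known:
            tainted[receiver] += amount
            sources[receiver].add(sender)
    return {w: (tainted[w] / total[w], len(sources[w])) for w in total}

def suspected_consolidators(transfers, known, min_share=0.5, min_sources=2):
    """Wallets whose inflows are dominated by several known destination addresses."""
    return {w for w, (share, n) in exposure(transfers, known).items()
            if share >= min_share and n >= min_sources and w not in known}

def deposits_to_hold(transfers, known, deposits):
    """Deposits onto the platform that come from a suspected consolidation wallet."""
    flagged = suspected_consolidators(transfers, known)
    return [t for t in transfers if t[0] in flagged and t[1] in deposits]

if __name__ == "__main__":
    for sender, receiver, amount in deposits_to_hold(TRANSFERS, KNOWN_DESTINATIONS, EXCHANGE_DEPOSITS):
        print(f"HOLD and report: {amount} from {sender} into {receiver}")
```

Requiring several distinct known senders as well as a high value share keeps a wallet that received one small payment from a flagged address (wallet_Y here) from being treated as a consolidation wallet.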

Operation DeCloak exemplifies the power of public-private collaboration in leveraging blockchain analytics to combat and prevent scams at the local level. Chainalysis remains dedicated to enhancing the cryptocurrency ecosystem’s ability to address illicit activities, and we will continue to work with law enforcement and CEXs through Operation Spincaster in the coming months.

How Chainalysis can help

Tackling scams requires robust international collaboration across the ecosystem, which is why we partner with organizations like the Global Anti Scam Organization to enhance our intelligence and effectiveness in combating scams.

Our Crypto Investigations Solution helps tackle crypto-related scams at every stage of the investigation:

  • Discover: Uncover leads and intelligence with blockchain data and analytics.
  • Analyze: Trace the flow of funds across blockchains, connect transactions, and reveal relationships between wallets and off-chain entities.
  • Disrupt: Leverage data-backed insights to seize stolen funds and shut down illicit operations before they grow.

With trusted blockchain intelligence, advanced technology, and expert insights, government agencies and cryptocurrency exchanges can protect victims by efficiently responding to crypto scams and other cybercrimes.

Get in touch today to see how we can help you detect, deter, and disrupt scam operations and build a safer, more secure future for your community.

Cybercrime prevention recommendations

We always advocate taking a moment to stop and think before engaging in any investment opportunity. If it sounds too good to be true, it usually is.

  • Take the time to conduct due diligence on any potential investment opportunities and counterparties.
  • Never click blindly or follow a link without ascertaining the sender’s true identity and fully knowing where this will lead.
  • Most importantly, if unexpectedly prompted to approve a spender within your cryptocurrency wallet, reject the transaction. If in doubt, always seek advice from a trusted third party, ideally in person.
  • Stay on top of the latest recommendations and guidance from your local LEAs, critical infrastructure providers and Chainalysis.