The AFP has collaborated with a blockchain data platform to target criminal cryptocurrency scammers in a global operation that identified more than 2000 compromised crypto wallets belonging to Australians.
The joint activity, known as Operation Spincaster, targeted criminals using a tactic called 'approval phishing', which has been used to steal more than $4 billion in cryptocurrency from unsuspecting victims globally since May 2021.
The AFP has ongoing investigations into the Australian losses identified in Operation Spincaster and has developed further intelligence about cryptocurrency scam tactics to help prevent more Australians being scammed.
The AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) and Chainalysis, the blockchain data platform, targeted 'approval phishing' scams, in which criminals deceive victims into signing a malicious blockchain transaction.
Once signed, the criminal has access to the victims' crypto wallet and can spend specific tokens inside the victim's cryptocurrency wallet. This method allows the criminal to drain the victim's wallet of those tokens at will, which is similar to giving someone permission to transfer money from your online bank account.
Approval phishing is increasingly seen in investment scams, where victims are offered high returns on cryptocurrency investments, and romance scams, where criminals use the illusion of a romantic or close relationship to manipulate and steal from victims.
As part of Chainalysis' Operation Spincaster, more than 100 attendees from digital currency exchanges and public agencies from the US, UK, Canada, Spain, Netherlands and Australia participated in training sessions between April and June 2024.
Australia became involved in Operation Spincaster in June 2024 with the JPC3 hosting a workshop with Chainalysis, digital currency exchanges, government and law enforcement agencies.
The workshop involved Chainalysis sharing intelligence about compromised wallets, training on tracing stolen funds, guidance on detecting ongoing scam attempts in real time, and discussions about how to contact and support victims of approval phishing.
AFP Detective Superintendent Tim Stainton said cybercrime was borderless and cannot be tackled by one country or agency alone.
"Working together and sharing knowledge with industry, government and law enforcement partners is crucial," he said.
"The intelligence we have gathered collaboratively throughout Operation Spincaster has shed a clear light on new tactics being used by cybercriminals in their continued efforts to defraud Australians.
"It will form a key part of our ongoing investigations to identify cybercrime victims and disrupt offenders in Australia.
"We thank the digital currency exchanges, BTC Markets, Binance, Crypto.com, Ebonex, Independent Reserve, OKX, SwyftX, and Wayex, for their commitment to identifying Australian victims, to provide support and prevent ongoing victimisation and monetary loss in Australia."
Chainalysis Director of Investigations Phil Larratt said they were proud to work with Australian law enforcement agencies, providing investigation support and innovative crime prevention capabilities while strengthening public and private sector partnerships to collectively combat scams.
"The results of the operational sprints are enduring and create a positive impact in tackling a growing threat facing the community.
"There is still much to do in this relentless fight against scams, but proactive initiatives such as Operation Spincaster, where we bring together key stakeholders across the ecosystem as a collective, are a pivotal step in disrupting the global scam epidemic.
"We look forward to the continued success of these sprints and playing our part in enabling agencies in Australia and across the globe with the tools and expertise on this journey."
Australians should remain vigilant of approval phishing and are reminded to consider the following when dealing with blockchain transactions:
- Cryptocurrency users should verify approval transactions before signing them, and should not sign without fully trusting the person or the company on the other end;
- Be sceptical of urgent requests for money or personal information, even if they appear to come from trusted sources;
- Use search engines and social media to research the person or company's background and ensure their identity matches their online presence;
- Romance scammers, in particular, could profess love or strong emotions quickly to manipulate their targets emotionally. Be aware of these signs. Always verify the identity of the person you're communicating with online. Request video calls or meetings in person if possible;
- Trust your instincts. If it seems too good to be true, it probably is;
- Report any suspicious profiles or interactions to the platform or authorities responsible for online fraud; and
- Stay informed about the latest scam tactics and be aware of common signs of scams. Visit Chainalysis' blog to learn more about approval phishing.