Approval Phishing Scams Cost Crypto Users Billions Annually

Approval phishing, a growing cryptocurrency scam that exploits on-chain wallet permissions, is siphoning billions of dollars from unsuspecting users. According to Chainalysis, these scams pulled in at least $14 billion in 2025, with projections suggesting a rise to $17 billion in 2026 as more scam-linked addresses are identified. This tactic has become a cornerstone for crypto fraud networks, prompting law enforcement and blockchain analytics firms to take action.

At its core, approval phishing tricks victims into signing legitimate-looking blockchain transactions that grant scammers access to their wallets. Users often believe they're authorizing a simple task, like transferring tokens or making a trade, but instead, they unknowingly enable malicious actors to drain their funds. Blockchain's irreversible nature compounds the damage, making prevention and early detection critical.

How Scammers Exploit Wallet Approvals

Scammers exploit the ERC-20 token approval mechanism, widely used on the Ethereum network. This feature allows users to grant smart contracts permission to spend tokens on their behalf. While intended for convenience, the system's design is vulnerable to abuse by phishing schemes. Victims are often targeted through fake links, pop-ups, and even physical mail that directs them to malicious wallet interactions.

Chainalysis experts describe a typical phishing operation as highly coordinated, combining social engineering with technical precision. Victims may be coached by fake "mentors" to move funds into self-custody wallets, where scammers can execute their final attack. Renato Bastos, a Chainalysis investigator, notes, “One case is never just one. Scammers reuse infrastructure—wallets, approval features, and cash-out routes—so tracking one victim can expose an entire network.”

Disrupting Approval Phishing at Scale

Efforts to combat approval phishing are gaining momentum. Operation Atlantic, a joint initiative launched in March 2026 by U.S., UK, and Canadian authorities, has already frozen $12 million in suspected criminal proceeds and identified over 20,000 victims. Chainalysis played a key role, using on-chain analytics to map scam networks and trace stolen funds across wallets and exchanges. Earlier campaigns like Operation Spincaster in 2024 recovered $162 million by targeting phishing rings that shared wallet infrastructure.

Technology is also evolving to address the issue. On May 12, 2026, the Ethereum Foundation introduced a 'Clear Signing' standard, replacing opaque transaction data with human-readable explanations to help users recognize suspicious approvals. This initiative aims to curb phishing incidents by making wallet interactions more transparent.

Preventing Future Losses

Chainalysis recommends several proactive measures to disrupt approval phishing:

• Upstream detection: Integrate phishing typologies into monitoring systems to flag suspicious wallet activity before victims report it.
• Rapid response: Use on-chain intelligence to identify clusters of scam activity and freeze funds quickly.
• Collaboration: Share information across banks, exchanges, and regulators to prevent scammers from cashing out illicit gains.
• Education: Train compliance teams and educate users to recognize phishing signs, such as unusual transaction requests or high-pressure tactics.

The Path Forward

Approval phishing is a methodical and increasingly automated threat, but its reliance on shared infrastructure offers a clear path for disruption. By combining advanced analytics with coordinated law enforcement action, the crypto industry is making strides in limiting the damage. Users, too, have a role to play: scrutinize transaction requests, avoid downloading wallet apps from unofficial sources, and be wary of unsolicited advice from unknown "advisors."

As scams evolve, so must the defenses. Chainalysis and its partners continue to refine their tools and strategies, ensuring that approval phishing becomes harder to execute and easier to detect. For more insights, check out Chainalysis' recent webinar, "Inside an Investment Scam Operation," available on their website.