The Australian Federal Police (AFP) has announced an investigation into the loss of funds from over 2,000 Australian-owned cryptocurrency wallets impacted by a wave of crypto phishing scams. This comes in the wake of an in-depth Chainalysis investigation, dubbed Operation Spincaster, which identified these wallets as victims of “approval phishing” tactics.
Detective Superintendent Tim Stainton of the AFP emphasized the significance of the intelligence gathered through Operation Spincaster in an August 4 statement. “The intelligence we have gathered collaboratively throughout Operation Spincaster has shed a clear light on new tactics being used by cybercriminals in their continued efforts to defraud Australians,” he said. Stainton added that this intelligence will play a crucial role in ongoing investigations aimed at identifying cybercrime victims and disrupting offenders within Australia.
Approval Phishing Explained
Approval phishing scams involve tricking users into signing malicious transactions, thereby allowing scammers to transfer the victims’ tokens to their own wallets. These scams are often associated with fraudulent investment schemes promising high returns and romance scams, commonly known as pig-butchering scams. According to Chainalysis, victims have lost approximately $4 billion globally to approval phishing scams since May 2021.
Collaborative Efforts and Preventative Measures
Chainalysis is collaborating with the AFP’s Policing Cybercrime Coordination Center (PCCC) to advance ongoing investigations. This partnership follows a workshop hosted by the PCCC, where Chainalysis shared intelligence on compromised wallets, trained attendees on tracing stolen funds, provided guidance on detecting ongoing scam attempts, and discussed how to contact and support victims of approval phishing.
In addition to law enforcement efforts, several cryptocurrency exchanges—including BTC Markets, Binance, Crypto.com, Ebonex, Independent Reserve, OKX, SwyftX, and Wayex—are working to prevent Australians from falling victim to these scams.
Banking Sector’s Role
Over the past 12 to 14 months, Australian banks have proactively taken measures to prevent cryptocurrency scams by imposing restrictions or outright blocks on transfers to cryptocurrency exchanges. Notably, this includes the “Big Four” banks—Commonwealth Bank, National Australia Bank, Westpac, and Australia and New Zealand Banking Group—as well as Bendigo Bank and HSBC.
Impact and Outlook
Australians lost up to $840 million to investment scams in 2023, according to the country’s competition and consumer regulator. The intelligence and strategies developed through Operation Spincaster aim to mitigate these losses and enhance the protection of cryptocurrency holders in Australia.
Phil Larratt, Chainalysis’ Director of Investigations, lauded the partnership with Australian law enforcement but noted that continuous effort is essential to combat these sophisticated scammers.
Operation Spincaster has not only exposed the extent of approval phishing scams but also highlighted the importance of global cooperation in tackling cybercrime. As the AFP and Chainalysis continue to work together, the focus remains on disrupting cybercriminals and safeguarding the cryptocurrency community in Australia and beyond.