Operation Avalanche: Protecting Canadians from Crypto Fraud

A group of Canadian securities regulators and police agencies are gathered in Vancouver March 11-12, 2025 in a concerted effort to identify and contact potential victims of crypto fraud.

Operation Avalanche is being led by the BC Securities Commission and includes the following partners:

  • Alberta Securities Commission
  • Ontario Securities Commission
  • L'Autorité des marchés financiers
  • RCMP
  • Delta Police Department
  • Vancouver Police Department
  • U.S. Secret Service

Members of these agencies will be working with crypto trading platforms that are registered to operate in Canada to contact potential victims by telephone and email, during the operation and in subsequent weeks, to explain the threat and what they can do to minimize or prevent future harm.

If you are contacted by any of the Operation Avalanche participants and want to verify the authenticity of the call or email, or you have any other questions or concerns, please contact the ASC’s Contact Centre:

  • Telephone: 403-355-4151 or 1-877-355-4488 (toll-free across Canada)
  • Email: inquiries@asc.ca

Approval phishing

Operation Avalanche is focused on identifying Canadians who may have lost – or are at risk of losing – crypto assets through “approval phishing.” This tactic is often used in online investment fraud, often referred to as “pig butchering,” to lure victims into handing over ever-increasing amounts to scammers.

Approval phishing tricks individuals into granting control over their cryptocurrency wallets to scammers.

  • By clicking the approval, the victim unknowingly hands over control of their crypto wallets to the attacker.
  • Victims are sent a fake request to “approve” access to their wallet that appears to come from a trusted source, via fake websites, apps, or pop-ups delivered through compromised links or emails.
  • The fraudster can then empty the victim’s crypto wallet by moving their crypto to a separate wallet in an attempt to hinder tracing of the assets.

Pro-actively warning victims

The vicitm’s approval is visible on the Ethereum blockchain, so participants in Operation Avalanche are able to identify wallets on that blockchain that have been compromised in this way.

The participating agencies will work with crypto trading platforms to identify the owners of those wallets and contact them by telephone or email, to:

  • Warn them of potential ongoing risks to their crypto assets
  • Provide guidance on how to secure their crypto holdings
  • Assist in gathering intelligence to disrupt fraud networks

How to protect yourself

To safeguard your crypto assets, follow these tips to prevent approval phishing:
  • Act quickly: In cryptocurrency scams, time is critical in tracking and recovering lost funds.
  • Be cautious of unsolicited investment opportunities: Fraudsters often pose as legitimate financial advisors or companies, or as a potential friend or romantic partner.
  • Verify URLs before approving transactions: Approval phishing scams trick users into granting scammers control over their wallets. Always double-check the website and transaction details.
  • Use multi-factor authentication on exchange accounts: This adds an extra layer of security against unauthorized access.
  • Monitor wallet approvals regularly: Tools like Revoke.cash and Etherscan can help users check and revoke unnecessary permissions granted to third-party apps.
  • Stay informed: Follow updates from financial regulators, law enforcement, and cybersecurity experts to stay ahead of evolving threats.

What to do if your wallet is compromised

If you suspect your wallet has been compromised, act quickly:

  • Stop communicating with scammers. Do not respond to calls, emails, or messages from those involved in the scam. Scammers may try to convince you to send more funds or share additional personal information.
  • Secure your crypto accounts. Change passwords for your wallet, crypto trading platforms, and email accounts. Enable Two-Factor Authentication (2FA).
  • Revoke unauthorized token approvals. Use Etherscan’s Token Approval Checker or Revoke.cash:
    • Etherscan:
      • Click on “Connect to Web3” button to link your wallet
      • Review token approvals
      • Revoke any unauthorized permissions.
      • Note: A small transaction fee may apply.
    • Revoke.cash
      • Open up a browser that has your wallet software program on it.
      • Navigate to revoke.cash.
      • Click on Connect Wallet and then select your type of wallet.
      • For example, with Metamask, you’ll see the Metamask Login Screen, press “Connect”
      • Click “Revoke” to revoke approval and follow applicable instructions on screen.
  • Check for unauthorized transactions. Review your wallet activity and report suspicious transactions to your crypto trading platform or wallet provider.
    Beware of recovery scams. Be cautious of services that promise to retrieve stolen funds or crypto for a fee. Many of these offers are fraudulent. Note: Agencies participating in Operation Avalanche will not be offering to retrieve lost funds.
  • Notify your financial institution. If bank accounts were used to fund the fraudulent transactions, report them to the financial institution and inquire about potential reversals.
  • Report the fraud. Contact your local regulator or law enforcement agency or the Canadian Anti-Fraud Center.