Operation Avalanche Approval phishing and crypto fraud

You’ve been contacted by the AMF? You’ve come to the right place!

[Translate to English:] Cryptos

What is Operation Avalanche?

Operation Avalanche is a British Columbia Securities Commission-led initiative involving several Canadian regulators. Its goal is to disrupt and prevent crypto fraud in Canada and globally.

The operation, carried out in partnership with various crypto trading platforms, aims to inform identified victims, support them, attempt to recover their crypto and prevent further harm.

Through these efforts and by raising awareness about the dangers of crypto fraud, we can not only protect investors but create a safer environment for everyone.

Why did the AMF contact me?

The AMF investigations team, to support efforts to protect investors and recover crypto for victims of crypto fraud, may proactively call or e-mail individuals who have suffered losses or might have information relevant to an investigation.

What is crypto fraud?

Crypto fraud is where fraudsters, taking advantage of crypto’s growing appeal, separate you from your money by promising quick, high returns. They ultimately vanish, but only after attempting to extract ever-increasing amounts from you, leaving you with significant losses. They often use well-thought-out tactics and lures, such as flashy ads on social media, romance scams, deepfakesfraudulent investment sites or approval phishing.

What is approval phishing?

Approval phishing, often referred to as “pig butchering,” is where fraudsters get victims to give them access to their crypto wallet under false pretences and sometimes without their realizing it. Instead of requesting a password, fraudsters use deception to take over control of the wallet and thus the ability to empty it of crypto.

The fraudsters involved in the scam create fake requests to “approve” access to your wallet. If you click on “approve”, a link or a “button” on the fraudulent site, you may unknowingly hand over control of your crypto wallet to a fraudster. Although the fake requests appear to come from trusted sources and closely mimic legitimate apps and institutions, making them look authentic, they actually come from fake websites, fake apps or pop-ups and are delivered to you through compromised links or e-mails.

What to do if you fall victim to fraud?

Anyone can be a victim of fraud, so don’t beat yourself up. Scams often rely on promises of exceptional returns, using misconceptions about or the excitement surrounding new technologies to manipulate investors.

If you believe you have unknowingly granted access to your crypto wallet, act quickly!

Consider the address of the wallet that has interacted with the fraudsters compromised. The fraudsters have compromised your wallet address, which means they can appropriate the funds if they find out. Immediately stop responding to text messages, e-mails or calls from the scammers and protect your crypto.

There are several ways you can do this, including by:

  • Revoking any approval or consent you have knowingly or unknowingly given to individuals or companies to access your crypto wallets. You can review and revoke granted approvals using Etherscan's This link will open in a new window token approval checker:
    1. Select “Connect to Web3” and connect your crypto wallet
    2. Locate and review existing token approvals
    3. Click on “Revoke” to cancel any unauthorized approvals. A small fee may apply to revoke token approvals
  • If you hold an account with a crypto trading platform registered with the AMF, transferring the crypto from the compromised wallet to the registered platform.
  • Creating a new wallet and transferring the remaining crypto to it to avoid further losses.

Other tools may be used to revoke token approvals, depending on the type of wallet you have, including those available on the website revoke.cash This link will open in a new window.

  • Change the passwords for all the accounts the scammers have been able to access (crypto wallets, investment accounts, crypto trading platforms, e-mail accounts, etc.).
  • Enable Two-Factor Authentication (2FA) on all important accounts as additional security.

  • Review crypto wallet activity. Thoroughly check the transaction history of your wallet and trading platform accounts. Report any suspicious activity, such as unauthorized transfers, to the wallet provider or trading platform.
  • Promptly contact your financial institution or payment provider if your bank accounts have been used, and request that all unauthorized transactions be stopped or cancelled.

Gather all the information you have:

  • Record of the sequence of events that led to the fraud
  • Documents and receipts
  • Copies of e-mails or text messages
  • Proof of transfers
  • Screenshots of the investment websites

  • Beware of collection services that promise to recover lost funds or crypto for a fee. These services are sometimes fraudulent.
  • Buy and sell crypto using trading platforms registered in Québec. Check the AMF’s register.
  • Carefully check the URL or application you use to access crypto services because phishing sites can look almost identical to legitimate ones. Check the website’s URL: If the site’s legitimate, it will usually start with “https”, indicating that the connection is secure.
A URL starting with “https” indicates that the connection is secure
Information End of the Information