Three days ago, the U.S. Secret Service, UK National Crime Agency, Ontario Provincial Police, and Coinbase published the results of a coordinated operation across 30 countries. They traced $45 million in stolen crypto to a single attack pattern: approval phishing. Victims sign blockchain transactions that grant persistent, unlimited access to their tokens. No keys stolen. No contracts exploited. The victim’s own signature is the weapon.

The same week, ZachXBT flagged a Kraken user who lost $18.2 million through social engineering. Different mechanism — account-level manipulation, not on-chain approvals — but identical structural failure. At the moment the funds moved, nothing verified the human behind the action.

One attack is on-chain. One is off-chain. Both are identity problems disguised as security problems.

No keys stolen. No contract exploited. The victim’s own signature was the weapon — and the only thing missing between the request and the transfer was a verification the human still meant it.

The anatomy of an approval phish

Approval phishing is misnamed. It sounds like a pop-up you accidentally clicked. In practice, it’s a staged transaction that looks legitimate on every surface the victim can see — and does something entirely different underneath.

  • Step 1 — Bait. Attacker deploys a spoofed dApp. Fake token claim, fake airdrop, fake staking migration. The URL is one character off: app.uniswop.io instead of app.uniswap.org. The frontend is pixel-identical.
  • Step 2 — Connect. Victim connects their wallet. Standard wallet-connect flow. Nothing malicious has happened yet.
  • Step 3 — The approval. The dApp requests: approve(spender=ATTACKER, amount=MAX_UINT256). The wallet popup says “Approve.” The victim reads “Claim airdrop.” They sign. They’ve just granted the attacker unlimited, persistent access to their entire balance of that token. The approval stays in force until it is manually revoked.
  • Step 4 — Silence. Nothing happens. Hours pass. Days. The victim forgets they signed anything. The approval sits on-chain like a loaded spring.
  • Step 5 — Drain. transferFrom(victim, attacker, balance) — no further victim interaction required. The approval from Step 3 is the only permission needed. Wallet empties.
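The five steps above hinge on one thing the wallet could have shown but didn’t: what the calldata actually does. The following is an added example, not code from the original post or from Lorica, of a pre-signing decoder that reads ERC-20 calldata, renders it in plain words, and decides whether it should trigger the step-up the post describes (token_approval + unlimited_amount). It goes slightly beyond the post by also escalating calls it cannot decode. The function selectors are the standard ERC-20/ERC-721 ones; the addresses, the calldata and the token amounts are constructed sample values, and 0x7a3f… is extended to a placeholder address because the post truncates it.

```python
# Added example (not the post's or Lorica's code): decode ERC-20 calldata before the
# popup is shown and decide whether an approval needs step-up verification.

MAX_UINT256 = 2**256 - 1
# No real token supply comes near 2**128; anything at or above it is treated as unlimited.
EFFECTIVELY_UNLIMITED = 2**128

# First 4 bytes of keccak256(signature) for the calls a drain needs or uses.
SELECTORS = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "39509351": ("increaseAllowance", ("address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}


def encode_call(selector: str, *args) -> str:
    """Build calldata for the constructed sample transactions (static ABI types only)."""
    words = []
    for a in args:
        if isinstance(a, bool):
            words.append(f"{int(a):064x}")
        elif isinstance(a, str):          # address
            words.append(a.lower().removeprefix("0x").zfill(64))
        else:                             # uint256
            words.append(f"{a:064x}")
    return "0x" + selector + "".join(words)


def decode_calldata(calldata: str) -> dict:
    """Split calldata into selector + 32-byte words and decode the known calls."""
    data = calldata.lower().removeprefix("0x")
    selector, words = data[:8], data[8:]
    if selector not in SELECTORS:
        return {"function": "unknown", "selector": selector, "args": []}
    name, types = SELECTORS[selector]
    if len(words) < 64 * len(types):
        return {"function": "malformed", "selector": selector, "args": []}
    args = []
    for i, t in enumerate(types):
        word = words[64 * i: 64 * (i + 1)]
        if t == "address":
            args.append("0x" + word[-40:])
        elif t == "bool":
            args.append(int(word, 16) != 0)
        else:
            args.append(int(word, 16))
    return {"function": name, "selector": selector, "args": args}


def short(addr: str) -> str:
    return addr[:6] + "..." + addr[-4:]


def assess(calldata: str, token: str) -> dict:
    """What the wallet should display, and whether step-up verification is required."""
    d = decode_calldata(calldata)
    fn, args = d["function"], d["args"]
    reasons = []
    if fn in ("approve", "increaseAllowance"):
        spender, amount = args
        if amount >= EFFECTIVELY_UNLIMITED:
            reasons = ["token_approval", "unlimited_amount"]
            text = f"Grant UNLIMITED {token} access to {short(spender)}"
        elif amount == 0:
            text = f"Revoke {short(spender)}'s {token} allowance"
        else:
            reasons = ["token_approval"]
            text = f"Allow {short(spender)} to spend up to {amount} raw units of {token}"
    elif fn == "setApprovalForAll":
        operator, enabled = args
        if enabled:
            reasons = ["token_approval", "unlimited_amount"]
            text = f"Grant {short(operator)} control of ALL {token} tokens you hold"
        else:
            text = f"Revoke {short(operator)}'s control of your {token} tokens"
    elif fn == "transfer":
        to, amount = args
        text = f"Send {amount} raw units of {token} to {short(to)}"
    elif fn == "transferFrom":
        src, dst, amount = args
        text = f"Move {amount} raw units of {token} from {short(src)} to {short(dst)} under an existing approval"
    else:
        text = f"Unrecognised call {d['selector']}; cannot explain what it does"
        reasons = ["undecodable"]
    return {
        "function": fn,
        "display": text,
        "reasons": reasons,
        # The post's trigger is an unlimited approval; an undecodable call is escalated too.
        "step_up_required": bool(set(reasons) & {"unlimited_amount", "undecodable"}),
    }


# Constructed sample values: placeholder addresses, not real contracts or wallets.
ATTACKER = "0x7a3f000000000000000000000000000000000001"
VICTIM = "0x1111111111111111111111111111111111111111"
PHISH_APPROVE = encode_call("095ea7b3", ATTACKER, MAX_UINT256)          # Step 3
LATER_DRAIN = encode_call("23b872dd", VICTIM, ATTACKER, 15_000 * 10**6)  # Step 5

if __name__ == "__main__":
    for label, data in (("step 3", PHISH_APPROVE), ("step 5", LATER_DRAIN)):
        r = assess(data, "USDC")
        print(label, "|", r["display"], "| step-up:", r["step_up_required"])
```

Run as-is, the Step 3 calldata is rendered as “Grant UNLIMITED USDC access to 0x7a3f...0001” with step-up required, while the Step 5 transferFrom decodes cleanly but needs no step-up, since by then the only permission it relies on was granted in Step 3. Amounts are shown in raw token units; a production wallet would scale them by the token’s decimals.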

Every security layer did its job. The private key was correct. The signature was cryptographically valid. The smart contract executed as written. The wallet confirmed the transaction.

The human signed something they didn’t understand. And nothing in the stack bothered to check.

$18.2M from a single Kraken account

The Kraken case operates differently but breaks at the same joint. One user — someone holding $18.2 million on a regulated exchange, not an amateur — was socially engineered into authorizing withdrawals to attacker-controlled addresses. Kraken has KYC. Kraken has 2FA. Kraken has withdrawal whitelisting and cooldown periods. The user cleared every gate.

  • Session. Authenticated. 2FA verified. Device recognized. IP consistent with history. Every automated check: green.
  • Address. New withdrawal address whitelisted 47 minutes prior. 24-hour cooldown elapsed. Email confirmation: approved. Policy: satisfied.
  • Amount. $18,200,000. Risk engine flagged the size. Sent email confirmation. The user — under active social engineering — confirmed it. Human override: accepted.
  • Result. Funds transferred. Bridged through Thorchain. Scattered across chains within hours. Gone.
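The four bullets above are exactly the inputs a withdrawal policy sees. The following is an added example, not Kraken’s or Lorica’s code, of a policy function that turns those signals (amount, age of the destination address, the user’s own history, session state) into a decision, and a gate that refuses to let an email click satisfy a step-up decision, which is the override that failed in the case described. The thresholds, the dataclass fields and the sample withdrawal are constructed to mirror the numbers in the post.

```python
# Added example (not Kraken's or Lorica's code): withdrawal risk policy with a
# step-up outcome that only live biometric evidence can satisfy.
from dataclasses import dataclass


@dataclass
class Withdrawal:
    id: str
    amount_usd: float
    dest_age_minutes: float        # minutes since the destination address was whitelisted
    dest_prior_withdrawals: int    # completed withdrawals to this address
    user_90d_max_usd: float        # largest withdrawal in the user's recent history
    session_2fa: bool


def withdrawal_decision(w: Withdrawal, *, large_usd=100_000, young_dest_minutes=24 * 60) -> dict:
    """Return what the platform must obtain before the transfer may execute."""
    if not w.session_2fa:
        return {"withdrawal_id": w.id, "action": "deny", "reasons": ["no_2fa"]}
    reasons = []
    if w.amount_usd >= large_usd:
        reasons.append("large_amount")
    if w.dest_age_minutes < young_dest_minutes and w.dest_prior_withdrawals == 0:
        reasons.append("new_destination")
    if w.user_90d_max_usd and w.amount_usd > 5 * w.user_90d_max_usd:
        reasons.append("out_of_pattern")
    if reasons:
        # The point the post makes: a flagged withdrawal is resolved by a liveness check
        # that shows the real destination and amount, not by an email the same coached
        # user can click.
        return {"withdrawal_id": w.id, "action": "step_up", "reasons": reasons}
    return {"withdrawal_id": w.id, "action": "allow", "reasons": []}


def may_execute(decision: dict, evidence: dict, *, min_confidence=0.9) -> bool:
    """Gate the transfer on evidence that matches what the decision demanded."""
    if decision["action"] == "deny":
        return False
    if decision["action"] == "allow":
        return True
    # step_up: only a live biometric confirmation of this specific withdrawal counts.
    return (
        evidence.get("kind") == "biometric"
        and evidence.get("liveness") is True
        and evidence.get("confidence", 0.0) >= min_confidence
        and evidence.get("confirmed_withdrawal_id") == decision["withdrawal_id"]
    )


# Constructed to mirror the case above: $18.2M to an address whitelisted 47 minutes earlier.
CASE = Withdrawal(id="wd-1", amount_usd=18_200_000, dest_age_minutes=47,
                  dest_prior_withdrawals=0, user_90d_max_usd=250_000, session_2fa=True)
EMAIL_CLICK = {"kind": "email_confirmation", "confirmed_withdrawal_id": "wd-1"}
LIVE_CHECK = {"kind": "biometric", "liveness": True, "confidence": 0.97,
              "confirmed_withdrawal_id": "wd-1"}

if __name__ == "__main__":
    decision = withdrawal_decision(CASE)
    print(decision)
    print("email confirmation executes:", may_execute(decision, EMAIL_CLICK))
    print("live biometric executes:    ", may_execute(decision, LIVE_CHECK))
```

With these constructed thresholds the sample withdrawal is flagged on all three counts (large_amount, new_destination, out_of_pattern), the email confirmation does not unlock it, and a live check bound to a different withdrawal id does not either.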

The platform verified that credentials were correct. It never verified that the human was acting freely. Those are different questions. Kraken answered the first one perfectly. Nobody asked the second.

The signature was real. The intent was manufactured.

What six agencies recovered — and what they couldn’t

Before intervention: $45M drained across 30 countries · 20,000+ wallets compromised · avg loss per victim $2,250 · persistent approvals allowed delayed drains.

After intervention: $12M frozen — 27% of total · six agencies, five countries, one week · fastest crypto recovery operation on record · $33M laundered before anyone moved.

A 27% recovery rate from a multinational law enforcement operation is legitimately impressive. But it required coordination across the Secret Service, NCA, Ontario Provincial Police, the Ontario Securities Commission, and Coinbase — and it still left $33 million unrecoverable. Blockchain transparency enabled the tracing. Nothing enabled the prevention.

This isn’t a policing failure. It’s an architecture gap. You can’t arrest your way out of a missing verification step.

Where biometric verification fits

Both attacks share a void in the transaction flow: the gap between “user initiates action” and “action executes” contains no identity verification. Credentials are checked at login. Transactions are validated for format. But whether the human understands and intends the specific thing they’re authorizing — that question goes unasked.

A biometric step-up verification at the point of signing changes the question from “are the credentials valid?” to “is this person, right now, confirming this specific action?”

// dApp requests: approve(spender=0x7a3f, amount=MAX)
// User thinks they're claiming an airdrop.

[step-up triggered]
  reason: token_approval + unlimited_amount
  action: biometric_verification_required

// The Lorica widget shows the user what
// the transaction ACTUALLY does:

┌──────────────────────────────────────────┐
│                                          │
│  CONFIRM: Grant unlimited USDC access    │
│  to contract 0x7a3f...                   │
│                                          │
│  This is NOT "Claim airdrop."            │
│  Face verification required to proceed.  │
│                                          │
└──────────────────────────────────────────┘

// The phishing page controls its own UI.
// It cannot control the verification prompt.

[result]  liveness: confirmed
          confidence: 0.97
          action_hash: sha256(approve_max_USDC_0x7a3f...)
          jwt_ttl: 60s
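The result block above carries two fields that do the real work: action_hash ties the verification to one specific transaction, and jwt_ttl makes it useless a minute later. The following is an added example, not Lorica’s code, showing how a signing or withdrawal path can enforce both: the token is issued only after a live match, it embeds a hash of the decoded intent the user was shown, and execution is refused if the signature, the expiry or the hash do not match. An HMAC-SHA256 token stands in for the JWT; the signing key, the liveness threshold and the two sample actions are constructed (the 60-second TTL is the value from the block above).

```python
# Added example (not Lorica's code): bind a step-up result to the exact action shown
# to the user, with a short TTL, and check it again right before execution.
import hashlib
import hmac
import json
from typing import Optional, Tuple

TTL_SECONDS = 60                                              # jwt_ttl from the post
SIGNING_KEY = b"constructed-demo-key-not-for-production"      # assumption: held by the verifier only
MIN_LIVENESS_CONFIDENCE = 0.9                                 # constructed threshold


def canonical(obj: dict) -> str:
    """Deterministic serialisation so the same intent always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def action_hash(action: dict) -> str:
    """sha256 over the decoded, human-readable intent, not over the dApp's own label."""
    return hashlib.sha256(canonical(action).encode()).hexdigest()


def sign(payload: dict) -> str:
    return hmac.new(SIGNING_KEY, canonical(payload).encode(), hashlib.sha256).hexdigest()


def issue_token(action: dict, liveness_confirmed: bool, confidence: float, now: float) -> Optional[dict]:
    """Issued only after a live match; carries the action hash and a short expiry."""
    if not liveness_confirmed or confidence < MIN_LIVENESS_CONFIDENCE:
        return None
    payload = {
        "action_hash": action_hash(action),
        "confidence": round(confidence, 2),
        "iat": int(now),
        "exp": int(now) + TTL_SECONDS,
    }
    return {"payload": payload, "sig": sign(payload)}


def verify_for_execution(token: dict, action_about_to_execute: dict, now: float) -> Tuple[bool, str]:
    """Called by the signing or withdrawal path immediately before the action goes out."""
    payload = token["payload"]
    if not hmac.compare_digest(sign(payload), token["sig"]):
        return False, "bad_signature"
    if now > payload["exp"]:
        return False, "expired"
    if payload["action_hash"] != action_hash(action_about_to_execute):
        return False, "action_mismatch"
    return True, "ok"


# Constructed: the intent the prompt displayed, and a swapped-in request with another spender.
SHOWN = {"type": "approve", "token": "USDC", "spender": "0x7a3f...", "amount": "unlimited"}
SWAPPED = dict(SHOWN, spender="0x9c21...")

if __name__ == "__main__":
    import time
    t = time.time()
    tok = issue_token(SHOWN, True, 0.97, t)
    print(verify_for_execution(tok, SHOWN, t + 5))     # (True, 'ok')
    print(verify_for_execution(tok, SWAPPED, t + 5))   # (False, 'action_mismatch')
    print(verify_for_execution(tok, SHOWN, t + 61))    # (False, 'expired')
```

The check order matters: the signature is validated before anything in the payload is trusted, so a token whose expiry field has been edited fails as bad_signature rather than being read at all. A phishing page can relabel its own button, but it cannot produce a token whose action_hash matches a different transaction than the one the verification prompt displayed.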

For the Kraken scenario, the mechanism is different. The attacker has spent hours building urgency: your account is compromised, withdraw everything now, send it here. The biometric challenge injects a mandatory 3-second pause into the pressure loop. Active motion — turn left, blink, nod — requires physical presence and composure that’s hard to maintain under coached duress. And the verification prompt displays the real transaction details through a system the attacker doesn’t control.

Different attacks. Same intervention point. Both die the moment a system the attacker can’t manipulate asks the human to confirm what’s actually happening.

The arithmetic

Before: a 292-millisecond verification (warm path), inserted before the signature.

After: 27% recovery rate — if six agencies across five countries coordinate within a week. For the other 73%, there is no after.

20,000 wallets emptied. $18.2 million gone from a single account. In every case, the cryptographic signature was flawless. The human verification was absent.

The signatures didn’t fail. The assumption behind them did — that a valid key means a valid intent. It doesn’t. It never did. And now there’s a joint communiqué from 30 countries that proves it.

Documentation: loricaapi.com/docs · Live demo: loricaapi.com/demo