The U.S. Federal Bureau of Investigation (FBI) has warned of a new scam targeting cryptocurrency users. These attacks, particularly spread through fake tokens on the Tron network, aim to deceive users into giving away their personal information and wallet access. The FBI's New York office emphasized that users should absolutely not trust any token claiming to be affiliated with the agency.
While technically simple, this scam is notable for its elements of psychological manipulation. In the first stage of the attack, fake "FBI tokens" are sent to users' wallets, even though they haven't made any transactions. These tokens, using the TRC-20 standard, appear as completely legitimate assets on Tron wallet interfaces and blockchain explorers.
This can initially cause users to become suspicious
The real danger begins in the second stage. The transaction data or description fields accompanying the token claim that users' wallets are under investigation for anti-money laundering (AML) violations. These messages typically threaten users with having their assets frozen if they fail to complete a specific verification process. The links provided in the messages redirect users to fake websites. These sites operate as phishing platforms designed to steal login credentials and wallet access data. According to information shared by the FBI, this fraud campaign has reached at least 728 different wallets. Moreover, the fact that the targeted wallets include high-balance addresses containing over $1 million in USDT indicates that the attack targets not only small investors but also large portfolio holders.
This suggests that the attackers are employing a widespread and random distribution strategy. Authorities state that this type of fraud has increased significantly in recent years. In particular, attacks involving corporate identity impersonation are projected to increase by 1400% annually by 2025. The use of government agency names creates a perception of strong authority among users, triggering panic and hasty decision-making. The use of a highly reputable institution like the FBI further amplifies this effect. The FBI, in its statement, draws a very clear line: the institution does not issue any tokens and does not request identity verification via blockchain. Therefore, any token claiming to be FBI-linked should be considered outright fraud.
This clarity is critical in mitigating the impact of the attack, as fraud largely thrives on uncertainty. Recommendations for users are also quite clear. First, it is crucial not to interact with such tokens received in the wallet. It is extremely important not to click on links associated with the token, and not to share any personal information or wallet data. Furthermore, users are asked to report suspicious activity through the FBI's Internet Crime Complaint Center (IC3). Experts particularly emphasize that an unauthorized token sent to a wallet alone does not constitute a security vulnerability. The real risk arises when users interact with these tokens. Therefore, the safest approach is to completely ignore such assets.
