A fast-moving phishing campaign has already hit more than 700 Tron wallets — including addresses holding seven-figure sums in stablecoins — by impersonating the FBI and pushing victims to a fake “anti‑money laundering” check.
How the scam works
- Attackers mint a token labeled with the “FBI” name and airdrop it directly into Tron wallets. The token carries an in-wallet message claiming the recipient’s account is under investigation.
- The message directs users to an external website to complete an “AML check,” threatening a full freeze of funds if they don’t comply.
- Because the alert arrives inside the user’s wallet (not by email or phone), it looks unusually authentic — a newer tactic designed to trick even cautious users.
Official response and scope
- The FBI’s New York Field Office confirmed the scam on March 19, 2026 via X, warning users not to click links, visit associated sites, or provide identifying information connected to the token.
- Tronscan data shows the fake FBI token was created about eight days before authorities went public and had landed in 728 wallets by the time of the warning.
- Sending tokens on Tron is extremely cheap, which makes it practical for criminals to flood thousands of addresses at minimal cost. Tron also handles large volumes of USDT, so it attracts holders with meaningful balances.
Context: why Tron is being targeted
- Last year, Tether, TRM Labs, and the Tron network coordinated to freeze over $100 million in assets tied to illicit activity.
- A January 2026 TRM Labs report flagged Tron as a preferred vehicle for sanctions evasion linked to Iran. In response, TRON DAO has adopted Blockaid security tools to screen malicious tokens before users interact with them.
Bigger picture: rising crypto fraud
- Chainalysis’s 2026 Crypto Crime Report found scams and fraud siphoned at least $14 billion in on-chain funds during 2025, with the true total likely exceeding $17 billion.
- Impersonation attacks (the category this scam falls into) surged roughly 1,400% year‑over‑year.
- The FBI’s IC3 recorded $9.3 billion in cryptocurrency fraud losses for 2024 — a 66% increase from 2023.
- Reports also show signature‑phishing losses spiked over 200% in January 2026 compared with the prior month, even as the number of victims fell — indicating attackers are concentrating on fewer, wealthier targets.
What to do if you encounter the token (or already interacted)
- The FBI urges anyone who has interacted with the token or provided information to file a complaint at ic3.gov.
- General precautions: do not click wallet messages or external links that claim to be law enforcement; never supply personal or wallet credentials to a third‑party site; use token‑screening tools and reputable security extensions; consider revoking suspicious approvals and moving funds to trusted storage if you suspect compromise.
This campaign underscores how attackers are evolving: instead of phishing by email, they’re weaponizing in‑wallet messages and token airdrops to create a false sense of authority. Stay skeptical of unsolicited wallet notifications — even when they claim to be from a government agency — and report any suspicious activity to IC3 and your exchange or wallet provider.
Read more AI-generated news on: undefined/news
