Key Highlights
- FBI New York warns Tron users about a fake “FBI token” used to push phishing messages directly into crypto wallets.
- Scam impersonates law enforcement, claiming wallets are “under investigation” and pushing users to fake AML verification sites to steal data.
- The malicious token reached 700+ wallets (including high-value USDT holders), amid a broader $14B crypto scam surge and 1,400% rise in impersonation attacks.
The Federal Bureau of Investigation’s (FBI’s) New York Field Office issued a public warning on Thursday about a phishing scam circulating on the Tron blockchain, in which a malicious token masquerading as an official FBI asset is being used to intimidate users into surrendering personal information.
“FBI New York encourages users of the Tron blockchain network to exercise caution if they encounter a token purported to be from the FBI,” the agency posted on X. “Do not provide any identifying information to any website associated with such a token.”
How the scam works
Unlike conventional phishing campaigns that rely on emails or fake websites, this attack embeds its payload directly into blockchain transactions. The fraudulent token, bearing the FBI’s name, is airdropped into Tron wallets and carries a message claiming the recipient’s wallet is “under investigation.”
Users are then instructed to visit an external website and complete a fake anti-money-laundering (AML) verification process to avoid “a total block” on their assets.
By impersonating federal law enforcement and invoking sanctions language, the attackers create urgency designed to override normal caution. This is a textbook social engineering tactic now deployed directly on-chain.
According to Tronscan data, the token was minted roughly eight days before the FBI’s warning and had already reached over 728 wallets. Several of those wallets held more than $1 million in USDT, suggesting the campaign is deliberately targeting high-value addresses.
Why Tron?
The choice of Tron is not accidental. The network’s near-zero transaction fees make mass-distribution scams economically viable. An attacker can blanket thousands of wallets for pennies. Tron has also developed an outsized role in stablecoin transfers, particularly USDT, making it a natural hunting ground for scammers targeting high-value addresses.
The network has faced scrutiny for its use by illicit actors before. A crime-fighting coalition co-led by Tether, TRM Labs, and Tron froze over $100 million in illicit assets last year. A January 2026 TRM report flagged the blockchain as a common tool for sanctions evasion in Iran. TRON DAO has since integrated Blockaid’s security tools to flag malicious tokens before users interact with them.
A growing epidemic
The FBI token scam is just one data point in a rapidly escalating trend. On-chain phishing has evolved from crude wallet-drainer contracts into a sophisticated, industrialized operation.
Chainalysis’s 2026 Crypto Crime Report found that scams and fraud generated at least $14 billion in on-chain inflows in 2025, with the true figure projected to exceed $17 billion. Impersonation scams, the exact category this FBI token falls into, surged 1,400% year-over-year, driven by AI tools and phishing-as-a-service platforms.
The FBI’s Internet Crime Complaint Center reported $9.3 billion in cryptocurrency fraud losses for 2024, a 66% year-over-year jump.
The attack surface is expanding in unexpected directions. Scam Sniffer reported that signature phishing losses spiked 207% in January 2026 compared to December 2025, even as victim counts fell. This is a sign that attackers are pivoting toward “whale hunting,” targeting fewer but wealthier wallets. Researchers have also documented over 100 million zero-value transfer attempts on BNB Chain alone, and even physical phishing letters impersonating hardware wallet makers like Ledger and Trezor.
What users should do
The FBI’s guidance is straightforward: do not interact with any tokens or messages claiming to be from the agency, do not visit linked websites, and do not provide personal information. Anyone who has already engaged with the scam is urged to file a report through the Internet Crime Complaint Center at ic3.gov.
For Tron users specifically, the golden rule remains unchanged: unsolicited tokens appearing in your wallet are overwhelmingly likely to be malicious. Ignore them. The fact that a message arrives on-chain rather than in your inbox does not make it legitimate, and as this case shows, the sophistication gap between the two channels is closing fast.
Also Read: TRON’s Justin Sun Issues Fraud Warning After SEC Case Ends