The FBI has warned Tron network users about an ongoing phishing scam impersonating the agency. Attackers are sending fake “FBI message” tokens that direct victims to malicious websites to steal personal information and wallet access. This aligns with a broader industry trend, as recent reports indicate criminals are increasingly targeting users directly through social engineering rather than exploiting technical vulnerabilities in blockchain code itself.
The FBI’s New York field office warned of a malicious campaign targeting Tron users on March 19. Attackers are distributing a fake TRC20 token with the subject “FBI message” to trick people into completing a fraudulent “AML verification.”
The message directs recipients to a phishing website that steals personal information and wallet access. The FBI advised users not to visit the linked site or provide any details and to report any incidents.
This scheme matches research published by blockchain security firm AMLBot in October 2025. That report described scammers monitoring for wallet addresses affected by Tether freezes and sending a “Survey” token with a fake recovery link.
Upon connecting their wallet and paying a fee, victims inadvertently grant attackers access to drain their funds. This incident reflects a wider shift in criminal tactics toward manipulating users.
A March 14 report from analytics firm Nominis noted a sharp drop in losses from technical exploits in February 2026. However, it found attackers are increasingly relying on phishing links, fake interfaces, and false transaction approvals.
These methods depend on deceiving users into signing malicious permissions or disclosing sensitive data. A recent example is the March 1 hack of gift card service Bitrefill, where attackers used compromised employee credentials.
Security researchers say these patterns indicate that as blockchain infrastructure becomes more secure, criminals are shifting focus to user behavior. Impersonation tactics, especially those involving authority figures like law enforcement, remain a significant threat to cryptocurrency investors.
