The FBI has notified users on the Tron network about a fake token impersonating the agency.
A post published on X by its New York field office on March 19 warned of a phishing campaign that tries to get people to give up their personal information and access to their wallets by pretending to be an official investigation notice.
Scam Targeting Tron Users
According to the law enforcement agency, attackers are sending out a malicious TRC20 token with the subject line “FBI message,” telling people to complete an “AML verification” or risk having their assets blocked. The message directs users to a fake website, where it prompts them to submit their personal information.
The FBI advised anyone who gets the tokens not to visit the site or give out personal details. It also urged any victims who may have already shared their identifying information to report the matter to the agency’s Internet Crime Complaint Center.
The warning is in line with research published by blockchain security company AMLBot on October 30, 2025, which showed a similar scheme targeting Tron wallets. The company says that attackers watch blockchain activity to find addresses that are affected by Tether freezes. Once a wallet is flagged, the user gets a “Survey” token with a link to a fake recovery site that looks like official communication.
If they follow the link, the website asks them to check their wallet status and then connect it to the platform. According to AMLBot, users are then asked for a fee in TRX, upon which the website quietly sends out an update that gives attackers access to the victim’s wallet, allowing them to take over accounts and wait for money that has been frozen to be released.
Shift Toward User-Targeted Attacks
The rise of the fake “FBI tokens” is another sign of a bigger shift in the way crypto scams are done that was recently reported by blockchain analytics company Nominis. The firm released a report on March 14 showing that total losses from crypto exploits had dropped sharply in February 2026, but attackers were increasingly focusing on manipulating users instead of finding technical flaws.
Nominis says that in a lot of the recent thefts, criminals used phishing links, fake interfaces, and false transaction approvals to get the information they wanted. All of these are tactics that depend on manipulating users to either sign malicious permissions or disclose sensitive data.
A very recent example is the March 1 hack of Bitrefill, where attackers drained several hot wallets and made off with gift card inventory. The company confirmed that the thieves gained access to its systems using compromised credentials from an employee’s laptop. Investigations linked the incident to North Korean entities.
Security researchers say these patterns show that with the blockchain infrastructure becoming harder to exploit, attackers are finding ways to manipulate user behavior. And going by the FBI’s warning, impersonation tactics, especially those involving authority figures or law enforcement, are still a major threat to crypto users.
The post FBI Warns of Fake Token Scam on Tron appeared first on CryptoPotato.
