Crypto fraud losses continued to escalate in 2025 and into early 2026, with a new FBI alert highlighting a phishing campaign that uses fake “FBI” tokens on the Tron blockchain to target wallet holders. The warning is notable not only because of the impersonation angle, but because the scheme is designed to reach users through unsolicited on-chain transfers and then steer them toward malicious AML-verification pages.
The broader environment makes the alert more consequential: crypto scams generated at least $14 billion in losses in 2025, up from $12 billion in 2024, showing that attack methods are becoming both more scalable and more effective. In this case, the campaign focuses on wallets holding USDT and other liquid digital assets, turning confusion and compliance anxiety into a direct pathway for theft and data compromise.
FBI New York encourages users of the Tron blockchain network to exercise caution if they encounter a token purported to be from the FBI. If you receive a token from an account with the details below, do not provide any identifying information to any website associated with such… pic.twitter.com/VF03sjM4VW
— FBI New York (@NewYorkFBI) March 19, 2026
How the Scam Turns Wallet Activity Into Asset Losses
The operation begins with unsolicited token transfers into https://satoshipick.com/cryptocurrencies/tron-trx/Tron wallets that falsely appear to come from or reference the FBI. Those tokens include alarming language claiming the recipient’s wallet is “under investigation” for anti-money-laundering violations and instruct the user to complete a verification process through an external link.
That verification step is the core trap: the linked sites are counterfeit pages built to collect personal information, wallet credentials and other sensitive data from the victim. The fraud relies on urgency and authority, using the appearance of law-enforcement scrutiny to pressure users into actions they would otherwise avoid.
The campaign also uses address poisoning, a tactic that quietly inserts attacker-controlled wallet addresses into a user’s transaction history through tiny “dust” transfers. If a user later copies one of those poisoned addresses from prior activity, funds can be misdirected to the attacker without any additional malware being required.
The FBI’s own warning leaves little ambiguity: the Bureau does not contact individuals through calls, texts or emails to threaten arrest, demand money or request personal information, meaning any token or message that does so is fraudulent. That guidance is central because the scam depends on making the fake verification demand feel procedurally real.
Why Stablecoin Holders and Platforms Should Pay Attention
The threat is not theoretical, as recent figures show both broad fraud growth and severe single-wallet losses tied to similar tactics. More than 140,000 crypto-related complaints were recorded by the FBI in 2024, producing $9.3 billion in reported losses, while 2025 saw total scam losses rise further and impersonation scams reportedly jump about 1,400% year over year.
Tron-linked incidents illustrate the scale of the risk, ranging from one reported address-poisoning loss of nearly $50 million in USDT to another campaign that targeted 728 wallets collectively holding more than $1 million in USDT. That mix of large isolated thefts and repeatable mass phishing shows how fraud is eroding liquidity both through major incidents and through constant lower-value attrition.
The implications extend beyond individual victims because repeated attacks on stablecoin balances can weaken confidence in on-chain payment rails and increase counterparty and compliance costs across exchanges, custodians and retail platforms. If these campaigns continue at scale, more users are likely to shift assets into custodial environments that offer stronger fraud controls, even if that comes at the expense of convenience or self-custody.
The immediate defensive posture remains straightforward: do not interact with unsolicited tokens, verify destination addresses manually instead of relying on transaction history, and report any compromise to the Internet Crime Complaint Center. In the current environment, the operational edge belongs to users and platforms that treat unexpected on-chain contact as a security event rather than a routine notification.