
The FBI has issued a public warning about a surge in NFT airdrop scams targeting users of Hedera Hashgraph wallets. These scams, which exploit non-custodial wallets like HashPack, involve phishing techniques and malicious transaction memos to steal cryptocurrency. The alert, published on June 3, 2025, highlights the growing sophistication of these attacks and provides mitigation strategies for users and organizations [1].
TL;DR: Key Points for CISOs
- Threat Vector: NFT airdrops used to deliver phishing links or malicious dApps.
- Targets: Non-custodial Hedera wallets (e.g., HashPack).
- Techniques: Fake rewards, embedded malicious URLs in transaction memos, and AI voice impersonation scams (“vishing”) [2].
- Mitigation: Verify unsolicited offers, avoid sharing seed phrases, and monitor for unauthorized transactions.
- Reporting: Submit incident details to the FBI’s IC3 platform [1].
Attack Mechanics and Technical Details
The scams typically begin with victims receiving unsolicited NFT airdrops, often promoted via social media or email. These airdrops contain transaction memos with embedded URLs leading to fraudulent decentralized applications (dApps). Once users interact with these dApps, they are prompted to enter seed phrases or approve malicious transactions, granting attackers access to their wallets [1].
Hedera Hashgraph’s energy-efficient design and enterprise adoption have made it an attractive target. Unlike custodial wallets, non-custodial variants like HashPack place full control of private keys in users’ hands, making them vulnerable to social engineering attacks. The FBI notes that attackers frequently use AI-generated voices to impersonate officials, adding credibility to their schemes [2].
Relevance to Security Teams
For threat intelligence researchers and SOC analysts, these scams underscore the need for:
- Enhanced Monitoring: Track wallet transactions for suspicious memo fields or unexpected NFT receipts.
- User Education: Train employees on recognizing phishing attempts, especially those involving AI voice clones.
- Tool Integration: Use blockchain analytics tools to flag malicious addresses linked to known scams.
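As an added illustration of the monitoring point above (not code from the FBI alert or from Hedera), the following sketch triages a wallet's transaction history for NFTs received from unknown senders and for memos that carry a URL. The record fields (`memo_base64`, `nft_transfers`, `sender_account_id`, `receiver_account_id`) are modelled on Hedera mirror node transaction records and are assumptions here; the account IDs, transaction IDs, and domains are constructed samples.

```python
import base64
import re

# URLs or bare domains (letter-only TLD, so account IDs like 0.0.1234 do not match).
URL_RE = re.compile(
    r"(?:https?://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?:/\S*)?", re.I)

def decode_memo(record):
    """Decode the base64 memo; malformed base64 yields an empty string."""
    try:
        raw = base64.b64decode(record.get("memo_base64") or "", validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""
    return raw.decode("utf-8", "replace")

def triage(records, wallet, known_senders):
    """Flag records where `wallet` got an NFT from an unknown sender or the memo has a URL."""
    findings = []
    for rec in records:
        inbound = [t for t in rec.get("nft_transfers") or []
                   if t.get("receiver_account_id") == wallet
                   and t.get("sender_account_id") not in known_senders]
        urls = URL_RE.findall(decode_memo(rec))
        reasons = (["unsolicited_nft"] if inbound else []) + (["memo_url"] if urls else [])
        if reasons:
            findings.append({
                "transaction_id": rec.get("transaction_id"),
                "reasons": reasons,
                "memo_urls": urls,
                "senders": sorted({str(t.get("sender_account_id")) for t in inbound}),
                "severity": "high" if len(reasons) == 2 else "review",
            })
    return findings

def _memo(text):  # builds the base64 memo for the constructed samples below
    return base64.b64encode(text.encode()).decode()

def _nft(sender, receiver):  # one constructed NFT transfer entry
    return [{"sender_account_id": sender, "receiver_account_id": receiver,
             "token_id": "0.0.800001", "serial_number": 1}]

WALLET, KNOWN = "0.0.123456", {"0.0.555000"}  # constructed wallet and sender allowlist
SAMPLE = [  # constructed records, not real transactions
    {"transaction_id": "tx-1", "nft_transfers": _nft("0.0.700001", WALLET),
     "memo_base64": _memo("Claim reward: https://claim-rewards.example/hbar")},
    {"transaction_id": "tx-2", "nft_transfers": _nft("0.0.555000", WALLET),
     "memo_base64": _memo("Order 1182")},
    {"transaction_id": "tx-3", "nft_transfers": _nft("0.0.700002", WALLET), "memo_base64": ""},
    {"transaction_id": "tx-4", "nft_transfers": [],
     "memo_base64": _memo("visit hbar-bonus.example to verify wallet 0.0.123456")},
]
```

Calling `triage(SAMPLE, WALLET, KNOWN)` returns findings for tx-1 (high: unknown sender plus memo URL), tx-3, and tx-4; the extracted URLs are for review and blocklist matching, not for opening.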
Remediation and Best Practices
The FBI recommends the following steps to mitigate risks:
- Verify URLs: Cross-check airdrop offers with official project channels.
- Use Hardware Wallets: Store assets in cold wallets to reduce exposure to online threats.
- Enable 2FA: Add an extra layer of security for wallet access.
- Report Incidents: Submit detailed reports (including transaction IDs and wallet addresses) to IC3 [1].
Broader Threat Landscape
This warning coincides with other cybercrime trends, including the takedown of the $50M Danabot malware operation and regulatory clashes over AI training practices [3]. Hedera’s upcoming HashSphere launch and Chainlink integration may further attract malicious actors seeking to exploit new features [4].
Conclusion
The FBI’s alert highlights the evolving tactics of crypto scammers, particularly their use of NFT airdrops and AI-driven social engineering. Organizations should prioritize user awareness and adopt proactive monitoring to defend against these threats. For ongoing updates, refer to the FBI’s IC3 announcements and Hedera’s security advisories.
References
- [1] “FBI IC3 Public Service Announcement (PSA),” Jun. 3, 2025.
- [2] “FBI IC3 PSA on AI Voice Impersonation Scams,” May 16, 2025.
- [3] CyberInsider, “Danabot Malware Takedown and Meta’s Legal Issues,” 2025.
- [4] Crypto.News, “Hedera Hashgraph Developments,” 2025.