Internet Crime Complaint Center (IC3) | Cyber Criminals Defraud Hedera Hashgraph Network Non-Custodial Wallet Users Through Nonfungible Token Airdrops Disguised as Free Rewards

The Federal Bureau of Investigation (FBI) is issuing this announcement to inform individuals about cyber criminals defrauding cryptocurrency users through the nonfungible token (NFT)¹ airdrop² feature embedded in non-custodial wallets,³ which is disguised as free rewards or incentives for Hedera Hashgraph network users. The Hedera Hashgraph is the distributed ledger used by Hedera. The airdrop feature was originally created by the Hedera Hashgraph network for marketing purposes; however, cyber criminals can exploit this tactic to collect victim data to steal cryptocurrency.

NFT Airdrop Defrauding Techniques

Memos

For a user to receive a token in their wallet as part of the airdrop process, the user must either hold the specific token offered, be a part of the community, or simply own a non-custodial wallet. Once the transaction is completed, and the user receives unsolicited or promotional cryptocurrency tokens and rewards in their non-custodial wallet as part of the airdrop process, a plaintext "memo" section appears that may be used to provide additional context about the transaction, including a reference number. Within these memos, users are required to click the embedded uniform resource locator (URL) to accept the tokens or rewards. The memo is independent of the wallet a user may use to manage their cryptocurrency; however, cyber criminals are compromising this memo feature and including a URL to a third-party website. This URL, links the user's cryptocurrency wallet to the website's decentralized applications (dApps)⁴ function to earn additional cryptocurrency; this connection often requires the user to input their login and security information, including seed phrases⁵ to complete the connection. This information entered by the user, allows the cyber criminal to steal the user's cryptocurrency from their wallet.

Social Media, Third Party Sites, and Phishing Emails

Cyber criminals may also advertise malicious phishing⁶ URLs for fraudulent NFT airdrop rewards tokens on social media or through a third-party website. Other cyber criminals may send a phishing email to cryptocurrency users offering an airdrop of free tokens. When a user clicks the link to visit the site, the URL connects to the user's wallet or the user will be directed to provide their password and/or link their wallet to receive the tokens. The cyber criminal then accesses the user's wallet, without authorization, and moves the user's cryptocurrency to a wallet owned by the cyber criminal, draining the user's wallet of cryptocurrency.

Tips on How to Protect Yourself

If you did not sign up to participate in a marketing or rewards program with the provider and you receive an offer for free tokens, verify the offer is from the cryptocurrency provider before accepting and/or providing any information.
Do not respond to requests to provide personally identifying information, like passwords, seed phrases, or one-time passwords sent to your accounts if you did not initiate the outreach. Initiate a new call to the company using the verified customer service number if a "representative" reaches out to you via phone or email soliciting personal information.
- Do not click links or use numbers provided in suspicious emails for confirmation communication is legitimate. Use verified customer service numbers provided by the company on official communications.
Monitor cryptocurrency accounts for suspicious login attempts, unauthorized changes to the account, unrecognized transactions, or compromised credentials.

Victim Reporting and Additional Information

If you suspect that you or someone you know are a victim of a Hedera Hashgraph network cryptocurrency scam:

Contact your account providers immediately to regain control of your accounts, change passwords, and place alerts on your accounts for suspicious login attempts and/or transactions.
Be cautious of individuals or companies claiming they can assist in recovering funds lost in scams, as this may be an additional scam.
Submit a report with as much detail as possible to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.
- The most important information you can include in the report are transaction details, which includes:
  - Cryptocurrency addresses
  - Amount and type of cryptocurrency
  - Date and time
  - Transaction ID (hash)
- For additional information, please see:
  - FBI Public Service Announcement FBI Guidance for Cryptocurrency Scam Victims, Alert Number I-082423-PSA: www.ic3.gov/PSA/2023/PSA230824
  - FBI IC3 Cryptocurrency Crime Guidance: www.ic3.gov/CrimeInfo/Cryptocurrency