FBI Denver is seeing that criminals are creating cryptocurrency tokens that impersonate well-known tokens, such as Tether (USDT) and other stablecoins. Criminals then send these impersonation tokens to victims using cryptocurrency addresses that closely resemble legitimate addresses with which the victim has previously corresponded. This type of scam is known as an address-poisoning attack. Because of the way the cryptocurrency wallet software truncates addresses, the first few alphanumeric characters and the last few alphanumeric characters might be identical to a familiar address; however, the middle alphanumeric characters in the address will be different. Impersonation tokens increase the likelihood that address-poisoning attacks will work against both experienced and newer cryptocurrency users.  

Criminals are creating impersonation tokens and sending them to victims with the hope the tokens will make victims more likely to trust or feel indebted to the criminals. Victims typically do not realize the impersonation tokens have no value until they try to redeem them at a cryptocurrency exchange.

Additionally, criminals will send impersonation tokens to a victim’s address in hopes the victim will not take the time to double-check the intended recipient’s address and instead send the transaction to the criminal’s address.

A Colorado-based individual unknowingly fell victim to a $2.1 million stable coin investment scam. After the initial investment, the victim received a notification that their account was locked for “malicious arbitrage” and was being fined $1.5 million. Upon investigation, the tokens involved were identified as impersonation tokens.  

For scams using impersonation tokens, criminals capitalize on victims not recognizing impersonation tokens and not taking the time to fully check cryptocurrency addresses in their wallet software prior to conducting a transaction. To protect yourself, check the entire cryptocurrency address to ensure it fully matches the address where you want to send funds. If you receive tokens from an address, check the source of the funds and use a public blockchain explorer, some of which will indicate if an address or token contract is suspicious or associated with scam activity.

Ways to prevent becoming a victim:

• Double-check the address to which you are sending cryptocurrency. Often the impersonation token address will have the same few first and last alphanumeric characters, but different middle alphanumeric characters.
• Check the token and address on an open source blockchain explorer to see if the address has been labeled as suspicious.
• Continue to educate yourself on impersonation tokens and address-poisoning attacks.
• If you have fallen victim to a scam, report it to the FBI’s Internet Crime Complaint Center at IC3.gov.