Full Report
The FBI is warning about a new scam where cybercriminals exploit NFT airdrops on the Hedera Hashgraph network to steal crypto from cryptocurrency wallets. [...]
Analysis Summary
# Threat Actor: Unattributed Cryptocurrency/NFT Scammers (Focus: Hedera Hashgraph)
## Attribution & Identity
The campaign is the subject of an ongoing FBI alert. No specific threat actor group or attribution is provided, which suggests the operation is conducted by opportunistic, financially motivated cybercriminals or fraud rings rather than a nation-state or named APT.
## Activity Summary
The primary activity detailed is the promotion of fraudulent NFT airdrops targeting holders of Hedera Hashgraph wallets. These scams use several vectors to trick users into handing over control of their assets. The activity is growing in prevalence alongside the rising adoption of the Hedera Hashgraph platform.
## Tactics, Techniques & Procedures
The TTPs are focused on social engineering and phishing, rather than complex network intrusions:
- **Unsolicited NFT Airdrops:** Deceptive offers designed to lure victims into interacting with malicious smart contracts or wallet prompts.
- **Phishing Emails:** Using email to distribute scam links or information.
- **Social Media Advertisements:** Using social platforms to lure victims.
- **Fake Websites:** Creating deceptive sites that mimic official platforms for claiming or minting NFTs.
- **Information Harvesting:** Attempts to collect sensitive credentials during the fraudulent claiming/minting process (passwords, seed phrases, OTPs).
## Targeting
- **Sectors:** Cryptocurrency holders, specifically those utilizing the Hedera Hashgraph ecosystem.
- **Geography:** Not specified, likely global targeting based on the nature of cryptocurrency and the FBI advisory reach.
- **Victims:** Individual cryptocurrency wallet owners on the Hedera Hashgraph network.
## Tools & Infrastructure
- **Malware Families Used:** Not specified. The attack relies primarily on social engineering and potentially malicious smart contract interactions rather than traditional malware delivery.
- **Infrastructure (C2, domains, IPs):**
  - Phishing emails.
  - Social media scam advertisements.
  - Fake websites mimicking legitimate claiming/minting portals.
  - (No specific malicious URLs or IPs were provided in the text to defang.)
## Implications
This shows criminals actively adapting to new, high-value technology trends (such as Hedera Hashgraph) to extract cryptocurrency from users through social engineering that exploits excitement around new digital assets. The barrier to entry for these scams is low compared to sophisticated APT operations.
## Mitigations
- **Verify Airdrops:** Always check any airdrop alerts against the official project source; *never* use contact information provided in the unsolicited communication (email, etc.).
- **Protect Credentials:** Never disclose private keys, seed phrases, or One-Time Passwords (OTPs) during any supposed claiming or minting process, especially if the contact was unsolicited.
- **Security Monitoring:** Regularly monitor cryptocurrency accounts for unauthorized activity and suspicious login attempts.
- **Incident Reporting:** If compromised, immediately contact account providers and report the incident to the FBI's Internet Crime Complaint Center (IC3), providing transaction details (crypto addresses, IDs, dates, amounts).