Tennessee has placed a statewide ban on crypto ATMs, becoming the second state in the United States, after Indiana, to have outright banned crypto ATMs.

 

The ban on crypto ATMs in the state comes after Bill Lee, Tennessee’s governor, signed House Bill 2505 into law, following its unanimous approval by both the Tennessee House of Representatives and the Senate.

 

House Bill 2505, which has now been passed into the state’s legal code, prohibits the installation or operation of virtual currency kiosks, otherwise known as Bitcoin ATMs, in the state. Any violation of the law will be treated as a criminal offense classified as a Class A misdemeanor, with offenders facing up to one year in prison and a fine of $2,500.

 

Image credit: capitol.tn.gov

 

The law also treats business owners who allow these crypto ATMs to be hosted on their property as accomplices, making them liable under the same offense. Although the bill was signed into Tennessee’s legal code last Thursday, it will take effect on July 1.

 

Indiana First to Ban Crypto ATMs

Tennessee’s ban on crypto ATMs comes shortly after Indiana, which on March 9 signed House Enrolled Act 1116 (HEA 1116 into law, banning crypto ATMs in the state and becoming the first U.S. state to do so. The move was prompted by the high levels of fraud and widespread scams associated with crypto kiosks.According to FBI data, about $333 million was stolen through crypto kiosks in 2025 alone. 

 

Prior to the ban, Indiana had nearly 900 crypto ATMs in operation. However, all of these machines were effectively deactivated immediately after Indiana Governor Mike Braun signed House Enrolled Act 1116 into law.

 

Tennessee Takes a Strong Stance on Prediction Markets

Tennessee has, for some time now, taken strong action against prediction market platforms, targeting operators such as Kalshi and Polymarket. In January of this year, the Tennessee Sports Wagering Council (SWC) issued cease and desist orders against major platforms including Polymarket, Kalshi, and Crypto.com, demanding that they stop offering sports event contracts in the state.

 

Kalshi, however, sued the state in the U.S. District Court for the Middle District of Tennessee and won a preliminary injunction. The ruling allowed Kalshi to continue operating in the state while the case proceeds.

 

 

The U.S. Federal Bureau of Investigation (FBI) has warned crypto users about a fake token on the Tron blockchain impersonating the agency.

 

In a post on its New York X account, the FBI said some Tron users have received messages from scammers posing as the agency, asking them to complete an anti-money laundering verification to avoid having their assets frozen and falsely claiming their wallets are under investigation.

 

The FBI cautioned against falling for such scams. “If you receive a token from an account with the details below, do not provide any identifying information to any website associated with the token,” the agency said.

 

Users who have already sent their personal information to the scammers were urged to file a complaint with the Internet Crime Complaint Center.

 

 

Inside Crypto Phishing Scams

The launch of the fake FBI token is one of several crypto phishing scams that have emerged in recent months. These scams often involve impersonating recognized government agencies, companies, or public figures, tricking users into giving up their personal credentials.

 

According to Scam Sniffer, about 106,106 victims were affected by crypto phishing scams in 2025, resulting in losses of approximately $83.85 million. 

 

Although this represents a significant drop compared to the $494 million in losses and 332,000 victims recorded the previous year, phishing remains widely used by attackers, especially with the growing use of AI-generated phishing campaigns.

 

 

FBI Created Fake Cryptocurrency Token

In 2024, the FBI created a fake artificial intelligence–related token, called NexFundAI, an Ethereum-based cryptocurrency designed to catch scammers.

 

The NexFundAI token was part of Operation “Token Mirrors,” launched to identify and expose fraudulent market makers and manipulators, including those involved in wash trading and pump-and-dump schemes.

 

The operation was successful, as it led to the arrest of more than 18 individuals and the seizure of several million dollars from the suspects. 

 

 

 

Trust Wallet has introduced a new address-poisoning protection feature that prevents crypto users from falling for address-poisoning attacks.

 

According to the company, this new feature automatically checks the destination address against a database of known scam and lookalike addresses to prevent malicious transactions. Because the feature runs automatically, users will receive real-time warnings if a risk is detected.

 

For now, the feature will be supported on 32 Ethereum Virtual Machine (EVM) chains, including Ethereum, BNB Smart Chain, Polygon, Optimism, Arbitrum, Avalanche, and Base.

 

The Menace of Address Poisoning

Address poisoning is a phishing-style attack in which scammers trick users into sending cryptocurrency to the wrong wallet address, usually one that closely resembles a legitimate address. 

 

Here’s how address poisoning works:

• A scammer generates a look-alike wallet address, typically one that shares the same first and last characters as a legitimate address.
• The attacker then sends a tiny, or “dust,” amount of crypto to an unsuspecting user.
• The fake address subsequently appears in the victim’s transaction history.
• Because crypto transactions are irreversible, the user may mistakenly send funds to the poisoned address, losing them permanently.

 

While address poisoning may not look as sophisticated or complex as other forms of crypto attacks, it has had a long history of success for scammers. 

 

In May 2024, a user accidentally sent 1,155 Wrapped Bitcoin (WBTC) worth approximately $68 million to a fake address. The attacker created a fake address that looked like the legitimate address, and due to lack of proper scrutiny, the user fell for it.

 

While in May 2025, a trader lost $2.6 million after falling for two address poisoning scams, and later that year, another trader lost $50 million in USDT after sending them to a poisoned wallet address.

 

 

Address Poisoning is Just a Numbers Game

Knowing that most crypto users rarely fall for address poisoning scams (roughly 1 success per 10,000 attempts), attackers often rely on scale to succeed. 

 

Between July 2022 and June 2024, over 270 million address poisoning attempts were recorded across the Ethereum and BNB Chain, with 6,633 of these attempts successful, leading to a loss of over $83 million. 

 

In another address poisoning campaign, scammers used 82,031 fake addresses on 2,774 victims. The result? Over $69 million was lost. 

 

And just last year, there were about 32,290 recorded address poisoning attacks in September, which affected over 6,000 victims.