What is Central Bank Digital Currency Fraud?

CBDC fraud includes scams and abuse vectors related to central‑bank‑issued digital currencies—fake wallet apps, seed phrase phishing, mule recruitment for “airdrop” cash‑outs, synthetic KYC to farm subsidies, and merchant spoofing of CBDC acceptance. Early ecosystems are fertile ground for opportunists, with the development of policy and technology lagging behind demand.

Risks are spread across users, merchants, and intermediaries: counterfeit apps harvesting credentials; tampering with QR‑codes to divert payments; bridge services that launder proceeds into private wallets; and spoofed domains impersonating official gateways. Cross‑border pilots introduce jurisdictional confusion that’s also ripe for social engineering.

Controls: robust app attestation and signed distribution; step‑up verification for high‑risk flows; device binding; and anomaly detection on transaction graphs (burst patterns, new‑merchant clusters, subsidy drains). Merchant onboarding must include robust checks and ongoing monitoring for mule‑like behavior. And it’s critical to educate the public—providing clear information on what to expect in terms of official apps and recovery flows. Programmatically, one should pair thorough lifecycle screening and monitoring with disciplined AML compliance practices, and use sanctions & PEP screening to exclude prohibited counterparties from the CBDC rails.

Design like it will be attacked — because it will be. Then measure, iterate, and publish what you learn.