Cybercriminals are Targeting Binance Users With a New Phishing SMS Scam

Source Beincrypto

Dozens of Binance users report receiving an alarming wave of phishing text messages that appear genuine. These messages even match the phone number and SMS inbox they regularly see for official Binance updates. 

Almost all phishing texts reviewed by BeInCrypto have the same wording and format. This leads us to believe that a particular threat actor or criminal group is targeting Binance users with a sophisticated phishing campaign.

Targeted Phishing Campaign Against Binance Users

The messages often warn of users’ unauthorized account activities—such as a newly added two-factor authentication device. 

Most commonly, the phishing messages follow up with a text about an unexpected Binance API pairing with Ledger Live. The recipients are then urged to call a provided phone number. 

Some targeted users claim these texts show up in the same thread as their legitimate Binance notifications. This creates confusion and prompts them to engage. Investigations by BeInCrypto reveal a surge in consumer complaints on X (formerly Twitter). 

binance phishing smsA Binance Use Shared the SMS Received Over the Past Week with BeInCrypto

Many users say they were caught off guard because the scam messages originated from the same sender ID used by Binance for authentic notifications. 

Meanwhile, the criminals behind this campaign appear to be capitalizing on publicly reported leaks of Binance user data on dark web forums. 

Last month, an estimated 230,000 combined user records from Binance and Gemini reportedly appeared for sale on the dark web. Security experts suggest these leaks came through phishing attacks rather than direct system breaches.

The suspected group of threat actors is likely using leaked information—names, phone numbers, and emails—to craft targeted messages that give the illusion of legitimacy. 

Also, the pattern seen in the phishing attempts typically involves an urgent “not you?” query. It prompts recipients to call an embedded phone line instead of simply clicking a link. 

This method bypasses the more common scenario of phishing links in SMS.

Binance is Extending Anti-Phishing Code to SMS

In an exclusive email to BeInCrypto, Binance’s Chief Security Officer, Jimmy Su, responded to these findings. Su confirmed the company’s awareness of the escalating smishing incidents.

“We are aware of smishing scams on the rise where phishing scammers are impersonating us and other legitimate senders via SMS. These scams appear to be more authentic, tricking users into revealing sensitive information, clicking into phishing links, or making a transfer that result in loss of assets.” Binance’s Chief Security Officer told BeInCrypto. 

Su further disclosed that Binance has extended its Anti-Phishing Code to SMS. This feature was originally offered for emails. 

The code is a user-defined identifier that appears in official Binance messages, making it easier for recipients to recognize genuine notifications and avoid impostors. 

“By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly harder for scammers to deceive our users,” Su said.

The Anti-Phishing Code has been rolled out to all licensed jurisdictions where Binance operates. 

Also, according to Binance, both registered and non-registered users have reported receiving suspicious texts. 

Therefore, attackers might be leveraging databases that include phone numbers of individuals not actively using Binance.

BeInCrypto advises users to adopt additional measures, such as verifying transactions directly through Binance’s official app or website, using multifactor authentication, and never sharing credentials over the phone. 

Reporting suspicious messages to Binance’s support team is strongly advised.

Individuals are encouraged to confirm official communications by checking for the Anti-Phishing Code and to carefully scrutinize any request to call phone numbers provided in unsolicited messages.

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Germany CPI Preview: Headline inflation expected to rise 2.1% YoY in AugustThe Federal Statistical Office of Germany (Destatis) will publish the country’s preliminary estimate of the Harmonized Index of Consumer Prices (HICP) inflation data for August on Friday at 12:00 GMT.
Author  FXStreet
Aug 29, Fri
The Federal Statistical Office of Germany (Destatis) will publish the country’s preliminary estimate of the Harmonized Index of Consumer Prices (HICP) inflation data for August on Friday at 12:00 GMT.
placeholder
Forex Today: US Dollar stabilizes ahead of key PCE inflation dataThe US Dollar (USD) finds a foothold early Friday after posting losses for three consecutive days.
Author  FXStreet
Aug 29, Fri
The US Dollar (USD) finds a foothold early Friday after posting losses for three consecutive days.
placeholder
Pound Sterling corrects ahead of US PCE inflation dataThe Pound Sterling (GBP) corrects to near 1.3500 against the US Dollar (USD) during the European trading session on Friday.
Author  FXStreet
Aug 29, Fri
The Pound Sterling (GBP) corrects to near 1.3500 against the US Dollar (USD) during the European trading session on Friday.
placeholder
Solana Price Hits 6-Month High, Unbothered By $432 Million SellingSolana has surged to a six-month high, continuing its strong uptrend in the broader crypto market.
Author  Beincrypto
Aug 29, Fri
Solana has surged to a six-month high, continuing its strong uptrend in the broader crypto market.
placeholder
The “No-Error Era” for AI Chip Stocks: Marvell Meets Expectations Yet Plunges 11%Despite delivering solid results, Marvell stock plummeted 11.28% in after-hours trading after its Q3 revenue guidance came in slightly below expectations.
Author  TradingKey
Aug 29, Fri
Despite delivering solid results, Marvell stock plummeted 11.28% in after-hours trading after its Q3 revenue guidance came in slightly below expectations.
goTop
quote