Cybercriminals are Targeting Binance Users With a New Phishing SMS Scam

Dozens of Binance users report receiving an alarming wave of phishing text messages that appear genuine. These messages even match the phone number and SMS inbox they regularly see for official Binance updates. 

Almost all phishing texts reviewed by BeInCrypto have the same wording and format. This leads us to believe that a particular threat actor or criminal group is targeting Binance users with a sophisticated phishing campaign.

Targeted Phishing Campaign Against Binance Users

The messages often warn of users’ unauthorized account activities—such as a newly added two-factor authentication device. 

Most commonly, the phishing messages follow up with a text about an unexpected Binance API pairing with Ledger Live. The recipients are then urged to call a provided phone number. 

Some targeted users claim these texts show up in the same thread as their legitimate Binance notifications. This creates confusion and prompts them to engage. Investigations by BeInCrypto reveal a surge in consumer complaints on X (formerly Twitter). 

Many users say they were caught off guard because the scam messages originated from the same sender ID used by Binance for authentic notifications. 

Meanwhile, the criminals behind this campaign appear to be capitalizing on publicly reported leaks of Binance user data on dark web forums. 

Last month, an estimated 230,000 combined user records from Binance and Gemini reportedly appeared for sale on the dark web. Security experts suggest these leaks came through phishing attacks rather than direct system breaches.

The suspected group of threat actors is likely using leaked information—names, phone numbers, and emails—to craft targeted messages that give the illusion of legitimacy. 

Also, the pattern seen in the phishing attempts typically involves an urgent “not you?” query. It prompts recipients to call an embedded phone line instead of simply clicking a link. 

This method bypasses the more common scenario of phishing links in SMS.

Binance is Extending Anti-Phishing Code to SMS

In an exclusive email to BeInCrypto, Binance’s Chief Security Officer, Jimmy Su, responded to these findings. Su confirmed the company’s awareness of the escalating smishing incidents.

“We are aware of smishing scams on the rise where phishing scammers are impersonating us and other legitimate senders via SMS. These scams appear to be more authentic, tricking users into revealing sensitive information, clicking into phishing links, or making a transfer that result in loss of assets.” Binance’s Chief Security Officer told BeInCrypto. 

Su further disclosed that Binance has extended its Anti-Phishing Code to SMS. This feature was originally offered for emails. 

The code is a user-defined identifier that appears in official Binance messages, making it easier for recipients to recognize genuine notifications and avoid impostors. 

“By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly harder for scammers to deceive our users,” Su said.

The Anti-Phishing Code has been rolled out to all licensed jurisdictions where Binance operates. 

Also, according to Binance, both registered and non-registered users have reported receiving suspicious texts. 

Therefore, attackers might be leveraging databases that include phone numbers of individuals not actively using Binance.

BeInCrypto advises users to adopt additional measures, such as verifying transactions directly through Binance’s official app or website, using multifactor authentication, and never sharing credentials over the phone. 

Reporting suspicious messages to Binance’s support team is strongly advised.

Individuals are encouraged to confirm official communications by checking for the Anti-Phishing Code and to carefully scrutinize any request to call phone numbers provided in unsolicited messages.