Binance Phishing SMS Scam Targets Users
Binance Users Targeted by Phishing SMS Scam
A surge in phishing text messages targeting Binance users has been reported. These sophisticated scams mimic legitimate Binance notifications, creating confusion and potentially leading to significant financial losses. Dozens of users have reported receiving near-identical messages, suggesting a coordinated attack by a specific threat actor or group.
The Scam
The phishing SMS messages typically warn of unauthorized account activity, such as a new 2FA device being added or an unexpected Binance API pairing with Ledger Live. Recipients are then urged to call a provided phone number. Alarmingly, many users report these messages appearing within existing threads of legitimate Binance notifications, making them harder to identify as fraudulent.
This surge in smishing (SMS phishing) attacks coincides with reports of leaked Binance user data circulating on dark web forums. Experts suspect these leaks, potentially numbering 230,000 records from Binance and Gemini, are the result of previous phishing attacks rather than direct database breaches. Attackers are using the leaked data—names, phone numbers, and emails—to create highly targeted and convincing scams.
A common tactic in these scams is an urgent "not you?" query that prompts users to call a specified number rather than click a malicious link. This clever approach sidesteps the more commonly used phishing-link technique.
Binance's Response
Binance is aware of the escalating issue and has extended its anti-phishing code, initially used for email, to SMS messages. This code, a user-defined identifier that appears in legitimate Binance communications, helps users distinguish genuine notifications from scams. The anti-phishing code is now active in all of Binance's licensed jurisdictions. Binance has confirmed that both registered and unregistered Binance users are being targeted, suggesting the attackers are using broader databases of phone numbers.
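The two signals described above (a missing anti-phishing code, and an urgent alert that pushes a call-back number) can be checked mechanically. The following is an added example, not code from Binance or Codeum; it assumes the user's code appears verbatim in the body of a genuine SMS, and the function name, patterns, sample messages, code value and phone number are all constructed for illustration.

```python
import re

# Lure wording follows the article's description; treat both patterns as
# starting points to tune, not as a complete signature set.
URGENCY_RE = re.compile(
    r"not\s+you\s*\?|unauthori[sz]ed|new\s+2fa\s+device|api\s+pairing", re.I)
# 8 to 15 digits with optional separators: a phone number to call back.
CALLBACK_RE = re.compile(r"\+?\d(?:[\s().-]*\d){7,14}")

def triage_sms(body: str, anti_phishing_code: str) -> list[str]:
    """Return the reasons an SMS claiming to be from Binance looks fraudulent.

    The sender ID and thread are deliberately not inputs: the article notes
    that the fake messages land inside the genuine Binance thread.
    """
    reasons = []
    # Assumption: a genuine SMS carries the user's code verbatim in its body.
    if not anti_phishing_code or anti_phishing_code not in body:
        reasons.append("missing anti-phishing code")
    # The lure in this campaign is a call-back number, not a link.
    if URGENCY_RE.search(body) and CALLBACK_RE.search(body):
        reasons.append("urgent alert with call-back number")
    return reasons

# Constructed samples: invented code value, fictional 555-01xx phone number.
MY_CODE = "K9-otter"
LURE = ("Binance: A new 2FA device was added to your account. "
        "Not you? Call +1 (202) 555-0142.")
GENUINE = "[Binance] K9-otter Your verification code is 481516."

if __name__ == "__main__":
    for sms in (LURE, GENUINE):
        print(triage_sms(sms, MY_CODE) or ["no findings"], "<-", sms)
```

The call-back pattern is a heuristic and will also match other long digit runs, which is why it only counts when paired with urgent wording.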
Protecting Yourself
Codeum, a blockchain security and development platform, emphasizes the importance of proactive security measures. Our services, including smart contract audits and security consultations, help protect your projects from similar vulnerabilities. Here's how to protect yourself from this Binance SMS phishing scam:
- Verify transactions: Always double-check transactions directly through the official Binance app or website.
- Enable multi-factor authentication (MFA): This adds an extra layer of security to your account.
- Never share credentials: Do not share your passwords or any sensitive information over the phone or through unsolicited links.
- Report suspicious messages: Immediately report any suspicious messages to Binance's support team.
- Look for the anti-phishing code: Verify official communications by checking for this security feature.
Staying vigilant and informed is crucial in the ever-evolving landscape of cryptocurrency security. By adopting these best practices, you can significantly reduce your risk of falling victim to phishing scams.