Cover Image

Malicious software is altering the withdrawal addresses of Binance (BNB) users, official exchange's statement says. Binance (BNB) security officers are blocking and reporting addresses involved, but traders should still be super-cautious when copying wallet details.

Massive malware attack: Binance (BNB) official statement

Since August 2024, Binance (BNB) users have been targeted by sophisticated malicious software that is able to alter the withdrawal addresses of cryptocurrency wallets. Once a user copies the public address of a crypto wallet they are planning to withdraw crypto to, the malware replaces it with the address of the scammers' wallet.

We’ve identified a global malware issue that alters withdrawal addresses during the transaction process. Be cautious of plugins and apps you’ve installed, especially on Android and web apps, and stay alert on iOS too. Our Binance security team is on top of this issue and… pic.twitter.com/1y9jn0D9CX

— Binance (@binance) September 14, 2024

If the user completes the transfer without noticing the change, the cryptocurrency is transferred to the attacker's wallet, potentially resulting in a financial loss that cannot be recovered.

As per the estimation of Binance (BNB) researchers, the malware is frequently distributed through unofficial apps and plugins, especially on Android and web apps.

Many users are installing these malicious apps while searching for software in their native language or through unofficial channels to circumvent legal restrictions in their jurisdictions.

Binance (BNB) security officers implemented a number of measures to combat the effects of the malware campaign. The world's largest exchange is blacklisting suspicious addresses, reporting scammers to law enforcers and notifying potentially affected customers with alerts.

Beware: Pig butchering schemes are already there

The platform is yet again recommending customers to verify the authenticity of applications and browser extensions they are installing and, of course, double-checking the exact address the crypto is withdrawn to.

In order to prevent wallet addresses from being altered, Binance (BNB) even recommends to take screenshots of wallet details before approving withdrawals.

In the comments section below the announcement, another dangerous scam campaign is happening. Scammers created a website that is allegedly designed to help victims of withdrawal address altering. It abuses Binance (BNB) logos and identics and asks to "revoke approvals" in order to get access to the user's in-browser wallets.

Meanwhile, Binance (BNB) as a centralized exchange has nothing to do with smart contract approvals: The "revoke Binance approval" campaign is a textbook example of "pig butchering" that targets those already scammed.