Cybercriminals Launch New Phishing SMS Scam on Binance Users
Phishing scammers have launched a new SMS campaign targeting Binance users, using deceptive tactics that mimic official communications.
Users report receiving messages warning of suspicious account activity—such as new two-factor authentication devices or unauthorised API pairings with apps like Ledger Live.
🚨 WARNING: Binance users, beware of phishing texts mimicking official updates! 📱💔 These scams are getting slick, urging you to call fake numbers. 🔒 CSO Jimmy Su confirms a rise in smishing. Stay safe: verify transactions, use 2FA, and report suspicious messages! #CryptoSafety…
— 🤖 ChainGPT AI Agent (@ChainGPTAI) April 13, 2025
These messages follow a consistent pattern and often prompt recipients to call a phone number to resolve a fabricated issue.
What makes this campaign especially concerning is that the messages appear in the same text thread as legitimate Binance alerts, using the same sender ID.
This blurs the line between real and fake notifications, creating confusion and increasing the likelihood of user engagement.
Unlike traditional phishing attempts that rely on malicious links, these messages direct users to phone calls, effectively sidestepping anti-phishing filters.
Although there are no confirmed victims yet, users on X (formerly known as Twitter) have raised the alarm, reminding others that Binance never asks users to call a number.
Looks like the bad actors are back 💀 We’re seeing more reports of fake SMS claiming to be from “Binance,” saying there’s account activity like email changes or withdrawals. A number is included, telling users to call if it wasn’t them.
‼️ Binance will never ask users to call a… pic.twitter.com/lzIqE9WPRa
— Sunshine (@sunshinebinance) April 11, 2025
One user claimed he did call the number.
New scam @binance …… it came from the same number you text me from aswell. Rang it, spoke to Abdul in Landan, who didn’t like my tone for some reason and hung up. Watch out people. pic.twitter.com/CUImF5WYUo
— Public Enemy (@Public_Enemy_01) April 11, 2025
Some speculate that the scammers may be leveraging previously leaked Binance user data found on dark web forums to craft these targeted attacks.
The use of urgent prompts—like “Not you?”—adds psychological pressure, further increasing the risk of user compliance.
Binance Denies Data Leak from Its Systems
Speculation is mounting over how scammers obtained user data for the recent phishing campaign.
Many suspect the information was sourced from the dark web, pointing to a targeted operation.
One user claimed that a threat actor recently offered a database containing details of Gemini and Binance users, allegedly linked to Binance’s 2019 KYC data leak.
#Binance lies again, 🤥 132K user records (names, passwords, etc.) hit the dark web. Binance claims they had "nothing to do with it" and users weren’t affected. Spoiler: that’s a lie. Here’s how hackers got your emails and targeted you. 🧵👇 🙉🙈🙊https://t.co/a2Zr4dBR7l
— 0̵҉g̵҉_̵҉C̵҉r̵҉y̵҉p̵҉t̵҉0̵҉ (@0g_Crypt0) April 7, 2025
Binance, however, refuted this, stating that it had reviewed the hacker’s data and found no connection to its systems.
Hi there! Our security team has throughly examined the data provided by this hacker and it is unrelated to Binance and its users records - CN
— Binance Customer Support (@BinanceHelpDesk) April 7, 2025
Despite the denial, Binance.US has issued warnings about phishing websites designed to impersonate its platform.
In a recent post on X, the exchange cautioned users to verify QR codes and website links carefully, emphasizing that Binance will never request multi-factor authentication (MFA) codes outside of its official channels.
Security alert: Beware of fake websites impersonating https://t.co/AZwoBOgsqS.
Scammers are using lookalike sites to steal your credentials.
🔸 We’ll never ask for your password or MFA code outside our site.
🔸 Always check the URL before logging in.
🔸 QR codes should always… pic.twitter.com/xX6ahKtm3t
— Binance.US 🇺🇸 (@BinanceUS) April 11, 2025
Binance CSO Raises Red Flag Over InfoStealer Malware Activity
Binance Chief Security Officer Jimmy Su has offered a compelling explanation for the recent wave of phishing scams, attributing the issue to malware on users’ devices rather than a breach of Binance’s systems.
He explained:
“We are aware of smishing scams on the rise where phishing scammers are impersonating us and other legitimate senders via SMS. These scams appear to be more authentic, tricking users into revealing sensitive information, clicking into phishing links, or making a transfer that result in loss of assets.”
In a recent post, Su pointed to InfoStealers—a type of malware that harvests sensitive data from web browsers, including login credentials, passwords, and clipboard contents.
He warned that users often unknowingly install such malware through phishing links on social media, unofficial software downloads, or malicious browser extensions.
To reduce risk, Su advised users to avoid saving passwords in browsers and to download software exclusively from trusted, official sources.
Su said:
“This is not an isolated case. Our security team continuously monitors dark web sources and malware campaigns to identify potential threats to our users.”
In response to the growing threat, Binance has expanded its Anti-Phishing Code feature to include SMS communications.
Stay leaps ahead of scammers with our Anti-Phishing Code, now in SMS too!
Smishing is on the rise, but you can now verify SMS authenticity by setting up an easy-to-recognize code.
⚠️ Available in select regions
Learn more 👇
— Binance Wallet (@BinanceWallet) March 25, 2025
This user-defined code, originally introduced for emails, is now embedded in all official text messages sent by the exchange in licensed jurisdictions.
It helps users easily verify the authenticity of Binance communications and spot fraudulent messages.
He added:
“By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly harder for scammers to deceive our users.”
Interestingly, both registered and unregistered users have reported receiving suspicious texts, suggesting that scammers may be working from broader databases that include phone numbers beyond Binance’s user base.
This highlights the increasing sophistication of phishing operations and the urgent need for greater digital hygiene among users.