Dozens of Binance users report receiving an alarming wave of phishing text messages that appear genuine. These messages even match the phone number and SMS inbox they regularly see for official Binance updates. 
Almost all phishing texts reviewed by BeInCrypto have the same wording and format. This leads us to believe that a particular threat actor or criminal group is targeting Binance users with a sophisticated phishing campaign.
The messages often warn of users’ unauthorized account activities—such as a newly added two-factor authentication device. 
Most commonly, the phishing messages follow up with a text about an unexpected Binance API pairing with Ledger Live. The recipients are then urged to call a provided phone number. 
Some targeted users claim these texts show up in the same thread as their legitimate Binance notifications. This creates confusion and prompts them to engage. Investigations by BeInCrypto reveal a surge in consumer complaints on X (formerly Twitter). 
Many users say they were caught off guard because the scam messages originated from the same sender ID used by Binance for authentic notifications. 
Meanwhile, the criminals behind this campaign appear to be capitalizing on publicly reported leaks of Binance user data on dark web forums. 
Last month, an estimated 230,000 combined user records from Binance and Gemini reportedly appeared for sale on the dark web. Security experts suggest these leaks came through phishing attacks rather than direct system breaches.
The suspected group of threat actors is likely using leaked information—names, phone numbers, and emails—to craft targeted messages that give the illusion of legitimacy. 
Also, the pattern seen in the phishing attempts typically involves an urgent “not you?” query. It prompts recipients to call an embedded phone line instead of simply clicking a link. 
This method bypasses the more common scenario of phishing links in SMS.
In an exclusive email to BeInCrypto, Binance’s Chief Security Officer, Jimmy Su, responded to these findings. Su confirmed the company’s awareness of the escalating smishing incidents.
“We are aware of smishing scams on the rise where phishing scammers are impersonating us and other legitimate senders via SMS. These scams appear to be more authentic, tricking users into revealing sensitive information, clicking into phishing links, or making a transfer that result in loss of assets.” Binance’s Chief Security Officer told BeInCrypto. 
Su further disclosed that Binance has extended its Anti-Phishing Code to SMS. This feature was originally offered for emails. 
The code is a user-defined identifier that appears in official Binance messages, making it easier for recipients to recognize genuine notifications and avoid impostors. 
“By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly harder for scammers to deceive our users,” Su said.
The Anti-Phishing Code has been rolled out to all licensed jurisdictions where Binance operates. 
Also, according to Binance, both registered and non-registered users have reported receiving suspicious texts. 
Therefore, attackers might be leveraging databases that include phone numbers of individuals not actively using Binance.
BeInCrypto advises users to adopt additional measures, such as verifying transactions directly through Binance’s official app or website, using multifactor authentication, and never sharing credentials over the phone. 
Reporting suspicious messages to Binance’s support team is strongly advised.
Individuals are encouraged to confirm official communications by checking for the Anti-Phishing Code and to carefully scrutinize any request to call phone numbers provided in unsolicited messages.
* References, analysis, and trading strategies are provided by the third-party provider, Trading Central, and the point of view is based on the independent assessment and judgement of the analyst, without considering the investment objectives and financial situation of the investors.
Risk Warning: Trading may result in the loss of your entire capital. Trading OTC derivatives may not be suitable for everyone. Please consider our legal disclosure documents before using our services and ensure that you understand the risks involved. You do not own or have any interest in the underlying assets.
Mitrade does not issue advice, recommendations or opinion in relation to acquiring, holding or disposing of our products. All of our products are over-the-counter derivatives over global underlying assets. Mitrade provides execution only service, acting as principal at all times.
Mitrade is a brand jointly used by multiple companies and it operates through the following companies:
Mitrade International Ltd is the issuer of the financial products that are described or available on this website. Mitrade International Ltd is authorised and regulated by Mauritius Financial Services Commission (FSC) and the licence number is GB20025791. The registered office address is 6 St Denis Street, 1st Floor River Court, Port Louis 11328, Mauritius.
Mitrade Global Pty Ltd with ABN 90 149 011 361 holds an Australian Financial Services Licence (AFSL 398528).
Mitrade Holding is authorised and regulated by Cayman Islands Monetary Authority (CIMA) and the SIB licence number is 1612446.
The information on this site is not intended for residents of the United States, Canada, Japan, New Zealand, United Kingdom or use by any person in any country or jurisdiction where such distribution or use would be contrary to local law or regulation. Please note that English is the main language used in our services and is also the legally effective language in all of our terms and agreements. Versions in other langauges are only for reference. In the event of any discrepancy between the English version and the other versions, the English version shall prevail.
Secured by SSL. © Mitrade Copyright, All rights reserved.

source