Binance Users Targeted by Phishing SMS Campaign

Binance users have reported receiving a wave of phishing text messages that appear genuine, matching the phone number and SMS inbox they regularly see for official Binance updates. The messages often warn of unauthorized account activities, such as a newly added two-factor authentication device, and follow up with a text about an unexpected Binance API pairing with Ledger Live. Recipients are then urged to call a provided phone number.

Many users claim these texts show up in the same thread as their legitimate Binance notifications, creating confusion and prompting them to engage. Investigations reveal a surge in consumer complaints on social media platforms. The scam messages originated from the same sender ID used by Binance for authentic notifications, catching many users off guard.

The criminals behind this campaign appear to be capitalizing on publicly reported leaks of Binance user data on dark web forums. Last month, an estimated 230,000 combined user records from Binance and another exchange reportedly appeared for sale on the dark web. Security experts suggest these leaks came through phishing attacks rather than direct system breaches. The suspected group of threat actors is likely using leaked information—names, phone numbers, and emails—to craft targeted messages that give the illusion of legitimacy.

The pattern seen in the phishing attempts typically involves an urgent “not you?” query, prompting recipients to call an embedded phone line instead of simply clicking a link. This method bypasses the more common scenario of phishing links in SMS.

In response to these findings, Binance’s Chief Security Officer, Jimmy Su, confirmed the company’s awareness of the escalating smishing incidents. Su disclosed that Binance has extended its Anti-Phishing Code to SMS, a feature originally offered for emails. The code is a user-defined identifier that appears in official Binance messages, making it easier for recipients to recognize genuine notifications and avoid impostors.

“By incorporating a unique Anti-Phishing code into Binance SMS messages, we are making it significantly harder for scammers to deceive our users,” Su said. The Anti-Phishing Code has been rolled out to all licensed jurisdictions where Binance operates. Both registered and non-registered users have reported receiving suspicious texts, suggesting that attackers might be leveraging databases that include phone numbers of individuals not actively using Binance.

Users are advised to adopt additional measures, such as verifying transactions directly through Binance’s official app or website, using multifactor authentication, and never sharing credentials over the phone. Reporting suspicious messages to Binance’s support team is strongly advised. Individuals are encouraged to confirm official communications by checking for the Anti-Phishing Code and to carefully scrutinize any request to call phone numbers provided in unsolicited messages.