Cryptocurrency Scam Targets Binance Users, Australian Police Warn

Australian federal police have issued a warning to over 130 individuals about a sophisticated text message scam targeting cryptocurrency users. The scam involves fraudsters impersonating representatives from Binance, a well-known cryptocurrency exchange, and sending messages through text and encrypted messaging platforms. These messages claim that the user's crypto account has been breached and instruct them to set up a new wallet. The deception is enhanced by the use of the same "sender ID" as legitimate Binance communications, making the messages appear genuine at first glance.

The scam operates by sending fake verification codes and a support phone number. When victims call the number, they are directed to transfer their cryptocurrency to a "trust wallet" controlled by the scammer, resulting in the theft of their assets. This method exploits online text messaging services that allow messages to be sent from a Sender ID, such as a company name, rather than a phone number, making it easier to spoof text messages.

Once a phone receives the fraudulent communication, it is grouped based on the Sender ID, appearing in the same thread as other messages with the same ID. This makes the scam messages blend seamlessly with legitimate communications from Binance. The Australian Federal Police (AFP) has conducted an email and text blitz to warn the identified individuals about this scam.

Commander Graeme Marshall of the AFP's Cybercrime Operations highlighted the difficulty in recovering funds once they are transferred to the thief’s wallet. The funds are quickly moved through a network of wallets, making seizure or recovery nearly impossible. This scam mirrors previous incidents where fraudulent emails spoofing other cryptocurrency exchanges, such as Coinbase and Gemini, attempted to trick users into setting up new wallets using pre-generated recovery phrases controlled by scammers.

Red flags for this type of scam include unsolicited contact from someone claiming to be from Binance about an account breach, pressure to act quickly, and prompts for a seed phrase. Binance's Chief Security Officer, Jimmy Su, emphasized that scammers often impersonate trusted platforms and exploit telecom loopholes to manipulate sender names and phone numbers. Su advised users to confirm official Binance channels through the tool provided by Binance and to verify any suspicious communications through official sources, such as the contact information on the official website.

In response to similar scams, the Australian government announced plans for an SMS Sender ID Register and an enforceable industry standard to combat such fraudulent activities. Under this standard, telecom companies must verify that messages sent under a brand name correspond with the legitimate registered sender and submit their legitimate Sender IDs for the register. The register is scheduled to launch in late 2025, with a pilot program operating in the meantime.

This scam highlights the evolving tactics used by cybercriminals to deceive cryptocurrency users. The use of spoofed Sender IDs and the impersonation of trusted platforms demonstrate the sophistication of these scams. Users are advised to remain vigilant and verify any suspicious communications through official channels to protect their assets from theft.