Dozens of Binance users report receiving phishing text messages that look genuine. These messages match the phone numbers and SMS inboxes of official Binance updates they regularly see.

Almost all phishing texts reviewed by BeInCrypto have the same phrase and format. This makes it believable that a specific threat actor or criminal group is targeting Binance users with a sophisticated phishing campaign.

Phishing Campaign Targeting Binance Users

The messages often warn about unauthorized account activities, such as newly added two-factor authentication devices.

Most commonly, the phishing messages lead to texts about unexpected Binance API pairing with Ledger Live. Recipients are encouraged to call the provided phone number.

Some targeted users claim these texts appear in the same thread as legitimate Binance notifications. This creates confusion and prompts their engagement. According to BeInCrypto's investigation, consumer complaints are surging on X (formerly Twitter).

Many users say they were caught off guard because the scam messages came from the same sender ID used for Binance's authentication notifications.

Meanwhile, the criminals behind this campaign appear to be exploiting publicly reported Binance user data leaks on dark web forums.

Last month, 230,000 user records from Binance and Gemini were reportedly sold on the dark web. Security experts suggest these leaks occurred through phishing attacks rather than direct system breaches.

The suspected threat actor group appears to be using leaked information like names, phone numbers, and emails to craft targeted messages that seem legitimate.

Additionally, the pattern in phishing attempts typically includes an urgent "Is this you?" question. This encourages recipients to call the embedded phone number instead of simply clicking a link.

This method bypasses more common SMS phishing link scenarios.

Binance Expands Anti-Phishing Code to SMS

In an exclusive email to BeInCrypto, Binance's Chief Security Officer Jimmy Soo responded to these findings. Soo confirmed the company is aware of increasing smishing incidents.

"We are aware that phishing scammers are increasing smishing attacks where they impersonate us and other legitimate senders via SMS. These scams look more genuine and trick users into revealing sensitive information, clicking phishing links, or making transfers leading to asset loss," Binance's Chief Security Officer told BeInCrypto.

Soo also revealed that Binance has expanded anti-phishing codes to SMS, a feature originally provided for emails.

The code is a custom identifier appearing in official Binance messages, making it easier for recipients to recognize genuine notifications and avoid scammers.

"By integrating unique anti-phishing codes in Binance SMS messages, we are making it much harder for scammers to deceive our users," Soo said.

The anti-phishing code has been released in all licensed jurisdictions where Binance operates.

Additionally, Binance reports that both registered and unregistered users have reported receiving suspicious texts.

Therefore, attackers may be utilizing databases that include phone numbers of individuals who are not actively using Binance.

BeInCrypto recommends users take additional measures. For example, verify transactions directly through Binance's official app or website, use multi-authentication, and never share credentials over the phone.

It is strongly recommended to report suspicious messages to Binance support.

Individuals should verify anti-phishing codes to confirm official communications and carefully review requests to call phone numbers provided in unsolicited messages.