TL;DR
- Fraudsters are making fake support calls, urging users to change their API settings. Binance’s boss reminded that the company will never request passwords or credentials by phone.
- The warning follows previous scams involving impersonated support staff, malicious QR codes, and SMS spoofing.
‘Ring, Ring, It’s a Scam’
Richard Teng, the CEO of the world’s largest crypto exchange, took to X to warn about a recent fraud that may harm unsuspecting victims. He explained that the scammers’ attacks include fake support calls that lure people into changing their application programming interface (API).
Teng assured that Binance will never ask its users for their passwords or credentials over the phone, advising everyone to stay vigilant. Earlier this week, the exchange released an update dedicated to the matter.
“It starts with a simple phone call. On the other end of the line is someone who sounds “official” – calm, professional, and claiming to be from customer support. They warn you about urgent “security updates” and guide you to change your API (application programming interface) settings.
What feels like a routine safety check quickly turns dangerous. By adjusting those settings, victims unknowingly hand over the keys that let scammers drain funds straight into their own wallets,” the announcement reads.
The company stated that its risk experts are monitoring this evolving threat, but emphasized that “awareness is your first and strongest defense.” It also gave some vital tips to users that may protect them from such attacks.
Activating two-factor authentication (2FA), implementing a passkey for enhanced security, verifying all communication channels, and educating on scams are among the steps. Last but not least, Binance requested that users report any suspicious calls and activity.
“By staying alert, relying only on official Binance communication channels, and never making API changes at someone else’s direction, you shut the door on these attackers. Adding extra layers of protection, like passkeys and hardware-based 2FA, further hardens your account against impersonation attempts,” it concluded.
The Previous Warning
Earlier this summer, Binance alerted users that bad actors have been impersonating the exchange’s support center to steal personal information and trick them into scanning malicious QR codes.
The company revealed that people using popular social media platforms like WhatsApp, Telegram, and Facebook appear to be prime targets.
Prior to that, some Binance users reported falling victim to an SMS spoofing attack. They received messages that appeared to come from the number where they typically got verification codes. The SMS instructed people to set up a dubious wallet and move all their funds there due to a threat coming from North Korea. Needless to say, it was a scam, and those transferring assets had them embezzled.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
