Bitcoin ($111,297.00)
Ethereum ($4,606.85)
XRP ($3.00)
Tether ($1.00)
BNB ($858.66)
Solana ($204.09)
USDC ($1.00)
Lido Staked Ether ($4,594.94)
Dogecoin ($0.22)
TRON ($0.35)
Cardano ($0.86)
Wrapped stETH ($5,575.28)
Chainlink ($24.24)
Wrapped Beacon ETH ($4,963.94)
Wrapped Bitcoin ($111,257.00)
Hyperliquid ($49.63)
Wrapped eETH ($4,939.07)
Ethena USDe ($1.00)
Sui ($3.44)
Stellar ($0.38)
Bitcoin Cash ($552.64)
Avalanche ($24.58)
Hedera ($0.24)
WETH ($4,608.37)
LEO Token ($9.54)
Radhika Parashar
- Binance called this a new category of impersonation scam
- The scammers increased their activity in July, Binance said
- Binance’s risk experts are working to track threat actors
Binance CEO Richard Teng has raised alarms against a scam that is now increasingly targeting Binance users. As part of this scam, Teng disclosed that, cyber criminals have been trying to convince Binance users to change their “security settings” via adjustments to their application programming interface (API) configurations.
Asserting that Binance officials never asks for user passwords or credentials over the phone, Teng said these calls are completely fake. “Stay vigilant,” he advised.
Decoding the scam tactic
Binance, in an official blog post, explained the unfolding of the ongoing scam. It said, the scammers are reaching out to the exchange’s users with urgent warnings, claiming that their accounts could be at risk and API adjustments could help secure their funds.
APIs are tools that enable automated trading and account management. By tricking victims into expanding API permissions, the scammers could overtake control of multiple crucial functions like withdrawals.
“This is a new breed of phone impersonation scams that exploits one of the strongest weapons criminals can wield: misplaced trust. By posing as trusted representatives, they [scammers] bypass natural skepticism and trick users into opening the gates themselves,” the blog noted.
Because these changes appear to be initiated from the user’s own device, they manage to clear initial internal security checks leaving the account compromised.
Impact of the scam
Binance claims that it received information on this scam after user complaints began to surface on social media. Many said their crypto holdings were drained from their wallets after having interacted with “company officials”.
“Early estimates indicate that dozens of users were affected, with individual losses ranging from hundreds to several thousand USDT in crypto,” the exchange highlighted.
The scammers increased their activity in July, when the market sentiment was bullish and traders were focusing on opportunities more than on threats.
“The scammers knew it, and they struck when vigilance was at its lowest,” the exchange said.
Presently, Binance’s risk experts are working to track threat actors and analyze call patterns to identify attacker networks.
The exchange has also reiterated that all its official updates are only shared via the official app or a verified Binance domain email.
“Our 24/7 support team can revoke compromised API keys and freeze accounts if you report suspicious activity promptly,” the exchange said, asking individuals to report these types of calls.
Last week, Binance joined Tether, Tron, and TRM Labs to work with crypto exchanges, financial institutions, and other members of the Web3 ecosystem to identify and curb scam and hack risks.
