Recently, attackers have been impersonating Binance's official communications to lure victims into transferring funds to fake wallets. Multiple Binance users have reported falling victim to SMS fraud attacks, with phishing messages appearing in Binance's official message threads, making them nearly indistinguishable from legitimate communications. A user named Joe Zhou shared his experience on LinkedIn, stating that he received a message claiming that his account was accessed in North Korea and was asked to set up a SafePal wallet. Zhou followed the instructions but soon realized it was a scam. This attack occurred after Bybit suffered a vulnerability that resulted in nearly $1.50 billion in ETH losses. The CISO of SlowMist analyzed that this attack involved sophisticated forgery methods, possibly manipulating the sender's number through technical means or exploiting vulnerabilities in SMS gateways. Blockchain security company Scam Sniffer reported that such scams led to losses of $10.25 million for 9,220 victims in January.

Several Binance users have reported falling victim to an SMS spoofing attack.The phishing text appeared within Binance’s official message thread, making it nearly indistinguishable from legitimate communications.<h2>User Reports Binance Phishing Incident</h2>One user, Joe Zhou, shared his experience in a LinkedIn post, stating,&nbsp;“I want to report a recent scam related to the Bybit incident and Binance.”Zhou described receiving an SMS from the same Binance number where he typically received verification codes. The message claimed that his account was being accessed from North Korea. Already dealing with the aftermath of the recent Bybit incident, he panicked and called the number provided.The call was answered by someone who instructed him to set up a SafePal wallet, saying it was a Binance partner and referencing an article to support the claim. The individual repeatedly asked about the assets in his account and insisted that he transfer all of them for an investigation.Following the instructions, Zhou set up the wallet and began withdrawing funds from Binance. However, he soon became suspicious and contacted an acquaintance from the exchange, who confirmed it was a scam.The user then attempted to recover his funds by transferring them out of the wallet, but the scammer began competing with him to move the assets. Eventually, Zhou ran out of gas fees. As he attempted to swap ETH for fees, his balance was cleared.The attack occurred just days after Bybit suffered an exploit that resulted in the loss of nearly $1.5 billion worth of ETH from its cold wallet. Blockchain analysts and the FBI have identified the North Korean hacking syndicate Lazarus Group as the likely perpetrator.<h2>Sophisticated Spoofing Attack</h2>SlowMist’s Chief Information Security Officer (CISO) analyzed the breach, stating that it involved a sophisticated method. He disclosed that his friend had also received identical phishing text and shared a screenshot that showed the precise forgery used.According to him, one possibility was that fraudsters faked official text sources through spoofing, using technical methods to manipulate the sender’s number and embed text messages into official conversations.Alternatively, they may have exploited SMS gateway vulnerabilities or conducted supply chain attacks by breaching the gateway, targeting operators or third-party providers, or collaborating with SMS providers to fake official replies, making detection difficult.Phishing remains a major threat to crypto users. Blockchain security firm Scam Sniffer reported that such scams drained $10.25 million from 9,220 victims in January. Although this marked a 56% decline from December’s $23.58 million losses, the report noted that scammers are evolving and implementing more intricate methods.

Binance Users Fall Victim to Latest SMS Fraud Attack