In a troubling development for crypto users, Australian authorities have uncovered a sophisticated SMS phishing scam that expertly mimics Binance communications, preying on unsuspecting investors. This latest scam highlights the growing threat of social engineering attacks targeting the booming crypto sector.
The Australian Federal Police (AFP) confirmed that over 130 individuals have already been targeted in the scheme, which exploits a telecom loophole allowing fraudsters to spoof official sender IDs, making the fake messages appear as part of legitimate conversations from Binance.
The attackers use SMS and encrypted messaging platforms to impersonate Binance support, warning users of a supposed “account breach.” Victims are told their crypto wallets are compromised and instructed to create new wallets immediately for “security reasons.”
What makes the scam so convincing is that these fake messages appear within the same thread as authentic Binance communications. Embedded in the message are fake verification codes and a spoofed support phone number.
Once victims call the number, scammers guide them to transfer their funds into a “trust wallet” controlled by the criminals. From there, the assets vanish quickly laundered through a maze of crypto wallets, making recovery nearly impossible.
“They Use Urgency and Fear” — AFP Warns
AFP Commander of Cybercrime Operations, Graeme Marshall, emphasized that once funds land in the scammer’s wallet, the chances of retrieval drop drastically. “These criminals rely on urgency and fear. The faster they move the funds, the harder it is for us to catch them.”
This scam mirrors a March 14 wave of phishing emails where fraudsters spoofed Coinbase and Gemini, tricking users into revealing seed phrases linked to pre-generated recovery wallets.
Red Flags to Watch Out For:
- Unsolicited messages claiming an account breach
- Requests for seed phrases or private keys
- Urgent demands to “secure” assets by transferring funds
- Fake verification codes in familiar message threads
Binance Chief Security Officer Jimmy Su called attention to the telecom loopholes allowing these scams to thrive. “Scammers manipulate sender IDs to impersonate trusted platforms like Binance. Always stop and verify through official channels if you’re unsure.”
Su reminded users that Binance offers a tool to verify official communication channels and encouraged everyone to rely solely on contact details listed on the official Binance website.
Government Crackdown Incoming
In response, the Australian government is accelerating plans for an SMS Sender ID Register, expected to launch in late 2025. The register will force telecom providers to verify message senders, preventing scammers from abusing legitimate brand names like Binance, Qantas, or Apple.
Until then, a pilot register is in place to protect major brands, but regulators warn that vigilance is still crucial.
Crypto-related scams continue to surge in Australia. AFP reports show AU$382 million ($269 million) lost to investment scams in the past year alone—47% of which were crypto-related.
As crypto adoption accelerates, phishing schemes grow increasingly complex and damaging. The latest attack serves as a stark reminder: in crypto, trust but verify—especially when your wallet is on the line.
Takeaway:
With rising crypto adoption, targeted scams like these will only intensify. As Australia ramps up its defenses, users must remain alert—double-check sender identities, avoid unsolicited wallet instructions, and always verify through official channels. In the world of digital assets, a single wrong click could cost everything.
