The Australian Federal Police (AFP) has issued a warning to over 130 individuals about a new scam targeting cryptocurrency holders.
Fraudsters are sending fake messages impersonating major exchanges like Binance in an attempt to steal users’ digital assets.
These scammers exploit a technique called “sender spoofing”, which allows their fake SMS messages to appear in the same thread as legitimate Binance communications.
How the Scam Works
According to AFP, criminals send messages via SMS and encrypted messengers, posing as Binance support staff.
The message typically claims the user's account has been “hacked” and urges them to immediately create a new crypto wallet. These messages often include:
- Fake verification codes,
- Phone numbers for “support” lines,
- Instructions to "secure" the account.
However, calling the number connects victims with scammers who direct them to transfer funds into a “trusted wallet” — which is, in fact, controlled by the attackers.
Once transferred, funds are rapidly moved through a series of wallets, making them extremely difficult to trace or recover.
Why the Messages Look Real
Fraudsters use sender ID spoofing, allowing messages to display a brand name (like “Binance”) instead of a phone number.
This tricks devices into grouping fake messages alongside genuine Binance notifications, giving the scam a false sense of legitimacy.
Similar tactics have previously affected major companies like Qantas and Apple.
To combat this, the Australian government plans to launch a Sender ID Registry in 2025, requiring telecom companies to verify the legitimacy of branded message senders.
AFP and Binance Respond
AFP has sent email and SMS alerts to all 130 individuals who may have received fraudulent messages.
According to Graeme Marshall, head of AFP’s cybercrime division, the main goal is to prevent victims from sending funds before they realize they’ve been scammed.
Binance’s Chief Security Officer, Jimmy Su, confirmed the platform is aware of such attacks. He urged users to always verify sources and noted that Binance offers a tool to confirm official contact channels and support info.
Red flags to watch for (as listed by AFP):
- An unexpected message claiming your account was compromised.
- Urgent language pressuring you to act immediately.
- Requests for seed phrases or sensitive account information.
Crypto Fraud Losses Mount
According to AFP, Australians lost around $269 million to investment scams in the past 12 months, with about 47% of that linked to cryptocurrency.
This isn’t the first time scammers have spoofed Binance messages. In previous incidents, phishing links appeared in the same SMS thread as real Binance codes.
Web3 expert Joe Zhou reported on LinkedIn that he nearly fell victim to a similar attack. A phishing link appeared right in the chat where he normally receives legitimate Binance verification codes.
He suggested the scam may have involved SMS spoofing, SMS gateway breaches, or dishonest message providers — and hinted that recent cases may be connected.
Read Also:
- Microsoft: New StilachiRAT malware targets MetaMask, Trust Wallet, and more
- Hackers drain $120K from Four Meme; compensation claims now open
- Bybit breach impacts OKX; exchange shuts down DEX aggregator access and imposes restrictions
This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.