Binance Turns a Blind Eye on Impersonators

Last week, Binance patrons received SMS messages enticing them to join a lottery with the prospect of winning up to 100 EUR in cryptocurrencies.

Despite these messages infiltrating threads containing official announcements from the exchange, they were, in fact, fraudulent. Binance users found themselves receiving SMS notifications towards the end of the week, falsely proclaiming victory in the “Binance Mystery Box” lottery.

In response, Binance promptly issued a cautionary message to its users, advising them to disregard any communications asserting to be from Binance and refrain from clicking on provided links.

The root of this deceptive scheme lies in the GSM system, permitting senders to arbitrarily fill in the sender name field. Unlike standard SMS applications that typically display the sender's phone number, companies often replace it with a textual name, such as “Binance.”. The absence of verification by operators enables fraudsters to use the same sender name as legitimate messages from Binance, leading recipients to trust the scam SMS as part of their message history.

These SMS scams, directed at cryptocurrency users, represent a standard phishing endeavour to extract sensitive data from unsuspecting victims. In a previous incident a few months ago, Binance users in Hong Kong suffered losses nearing $500,000 to scammers posing as Binance representatives, manipulating them into performing account verifications. Binance has also been alerting its customers to the escalating prevalence of investment scams, colloquially known as “pig butchering,” potentially linked to phishing attempts.

Binance noted that Poland has recently introduced regulations to mitigate the prevalence of this exploit, to some extent. This involves registering sender names and assigning them to specific entities by telecommunications operators.

While Binance remains vigilant and issues warnings to its users, rectifying the security loophole in SMS technology necessitates a modification to the entire GSM system, deemed an impractical endeavour. Cryptocurrency users are advised to maintain vigilance, dismiss suspicious messages, and rely on official announcements from reputable sources to shield themselves from falling victim to such scams.