In 2025, a new wave of phone impersonation scams is targeting cryptocurrency users, with Binance being a primary focus.
The scam “starts with a simple phone call. On the other end of the line is someone who sounds ‘official’ – calm, professional, and claiming to be from customer support,” Binance says.
The caller warns about urgent “security updates” and instructs users to change their API (Application Programming Interface) settings. What may seem like a routine security measure can quickly become a gateway for scammers to gain full access to users’ funds.
More About the Scam
Binance explains, “By adjusting those settings, victims unknowingly hand over the keys that let scammers drain funds straight into their own wallets.”
Scammers use spoofed numbers or voice-over-IP technology to appear legitimate. The call often contains warnings such as “Your Binance account may be at risk. We need to adjust your API settings immediately to secure your funds.”
Many users trust the caller, believing the request aligns with Binance’s strong security reputation. Following these instructions, victims inadvertently give attackers permissions to initiate withdrawals from their accounts.
“At the heart of this scam is the API – a powerful tool designed for automated trading and account management. By manipulating victims into expanding API permissions, such as enabling withdrawal functions, attackers gain near-total control.”
Because changes are made from the user’s device, initial security checks may not detect the intrusion.
“On the surface, everything looks normal. In reality, the account is already compromised.”
How to Protect Yourself
To protect accounts, Binance recommends a multi-layered approach:
- Activate Two-Factor Authentication (2FA): Enable 2FA using the Binance app or a hardware key to add an extra layer of security. This ensures that even if your API is compromised, withdrawals require additional verification.
- Implement Passkey for Enhanced Security: Go further by setting up Passkey, a phishing-resistant authentication method, to strengthen your 2FA. Available in the Binance app, Passkey uses biometric or device-based verification, offering robust protection against impersonation attacks—make this a priority.
- Verify All Communications: Never adjust API settings based on unsolicited calls or messages. Contact Binance directly through official channels. Reach support via chat or email support@binance.com to confirm legitimacy.
- Secure Your API Settings: Review your API permissions in the Binance app. Restrict withdrawal access unless absolutely necessary, and rotate keys regularly to minimize exposure.
- Monitor Account Activity: Check your transaction history and device logins daily. Set up email or SMS alerts for withdrawals to catch unauthorized activity early.
- Educate Yourself on Scams: Read our Know Your Scam blogs and visit Binance Academy for resources that will help you recognize impersonation tactics and secure your account.
- Report Suspicious Calls: If you receive a questionable call, hang up immediately, note the number, and report it to our support team with details.
- Use a Dedicated Device: Consider using a separate device or browser profile for Binance activities to reduce the risk of cross-contamination from other online interactions.
About Author
