In a recent surge of cryptocurrency-related fraud, over 130 individuals in Australia have fallen victim to a sophisticated scam impersonating the Binance cryptocurrency exchange. Scammers contacted targets via SMS and encrypted messaging platforms, claiming their crypto accounts were compromised and instructing them to transfer funds to a ‘trust wallet’ controlled by the scammers, resulting in asset theft. Authorities are urging recipients of such messages to verify communications and report fraudulent activity.
The scammers employed a technique known as ‘spoofing,’ where fraudulent messages appeared within legitimate existing message threads from Binance. These messages contained fake verification codes and provided a support phone number. When victims called this number, they were instructed to protect their accounts by transferring their cryptocurrency to a ‘trust wallet,’ which was, in fact, controlled by the scammers. This deceptive tactic led to the swift theft of assets, as transferred funds were rapidly moved through a network of wallets and money laundering accounts, making recovery exceedingly difficult.
In response to this alarming trend, the National Anti-Scam Centre (NASC), in partnership with the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), has initiated a comprehensive outreach program. They have sent texts and emails to more than 130 potential victims, alerting them to the impersonation scam targeting Binance users. This proactive approach aims to inform and protect cryptocurrency customers from falling prey to such fraudulent schemes.
AFP Commander Cybercrime Operations Graeme Marshall emphasized the importance of swift action, stating that once funds are transferred to accounts controlled by scammers, they are generally quickly moved through various wallets, complicating seizure or recovery efforts. He urged anyone who received a warning from the NASC to take it seriously and, if they had already transferred their cryptocurrency, to report it immediately to their bank or digital currency exchange and then to the police via ReportCyber, quoting the reference number AFP-068.
Impersonation scams have become increasingly common, with scammers pretending to be trusted businesses, government agencies, law enforcement, or even friends and family to steal money or personal information. The sophistication of these scams has grown, making it vital for individuals to verify all communications they receive, even when they appear to come from trusted organizations. Australian Competition & Consumer Commission Deputy Chair Catriona Lowe highlighted that scammers go to significant lengths to create the appearance of legitimacy and urged all Australians to contact organizations directly using official contact details from their websites or apps to verify any communication they receive.
Binance, one of the world’s largest cryptocurrency exchanges, has reiterated its commitment to user security. Chief Security Officer Jimmy Su emphasized that protecting users is Binance’s top priority and that education is key in the fight against scams. He noted that scammers often impersonate trusted platforms by exploiting telecom loopholes to manipulate sender names and phone numbers to create urgency. Su advised users to always verify communications using Binance Verify—a tool to confirm official Binance channels—and to never share sensitive information like seed phrases or transfer funds under pressure. He also assured that Binance remains committed to working with law enforcement and the community to combat fraud and enhance user security.
To safeguard against such scams, individuals are advised to take several precautionary measures:
- Verify Communications: If contacted by someone claiming to be from a digital currency exchange (DCE) provider, use the official contact details on the provider’s website to confirm the legitimacy of the request.
- Avoid Clicking Unsolicited Links: Do not click on any links or download attachments from unsolicited messages, as they may lead to phishing sites or install malware.
- Be Wary of Urgent Requests: Exercise caution with urgent requests asking for immediate action, as scammers often create a sense of urgency to prompt hasty decisions.
- Maintain Device Security: Ensure that all software and devices are up to date with the latest security patches to protect against vulnerabilities.
- Protect Personal Information: Never provide personal information, particularly sensitive data like seed phrases or private keys, to unverified or unsolicited contacts.
If you suspect that you have fallen victim to such a scam, it is crucial to act promptly:
- Report to Authorities: Contact your bank or digital currency exchange immediately to report the incident. Additionally, report the scam to the police via ReportCyber, quoting the reference number AFP-068.
- Cease Communication: Stop all communication with the scammer to prevent further manipulation or loss.
- Notify Your DCE Provider: Inform your digital currency exchange provider about the scam to seek assistance and potentially halt unauthorized transactions.
- Seek Support: If your identity has been compromised, contact the national identity and cyber support service, IDCARE, for guidance on protecting your personal information.
Situations like these can be distressing. Support services such as Lifeline (13 11 14) and Beyond Blue (1300 224 636) are available 24/7 to provide assistance to those affected.
This incident is part of a broader trend of cryptocurrency-related scams in Australia. In August 2024, the AFP collaborated with blockchain data platform Chainalysis in Operation Spincaster, targeting criminals using ‘approval phishing’ tactics. This operation identified more than 2,000 compromised crypto wallets belonging to Australians, highlighting the global scale and sophistication of cryptocurrency scams