The Australian Federal Police (AFP) have warned over 130 individuals about a new SMS scam targeting cryptocurrency users by impersonating legitimate exchanges like Binance. Scammers send fake messages claiming account breaches and instructing victims to set up new wallets.
Since these messages appear within the same thread as legitimate Binance communications, they can easily deceive users. A fake support phone number is also provided, and when victims call, they are instructed to “secure” their funds by transferring cryptocurrency to a “trusted wallet” controlled by scammers.
The AFP stated that fraudsters exploit vulnerabilities in SMS systems, allowing them to replace phone numbers with sender IDs, such as company names. When a spoofed message is received, it is grouped into an existing legitimate conversation, making detection difficult.
Authorities have sent warning emails and texts to the 130 identified potential victims. AFP Cybercrime Commander Graeme Marshall emphasized that once funds are transferred, they are quickly moved across multiple wallets, making recovery extremely challenging.
This attack mirrors previous scams in which fraudsters impersonated Coinbase and Gemini, tricking users into setting up wallets using pre-generated recovery phrases controlled by scammers. Warning signs of such scams include unexpected messages from “Binance staff” about account breaches, urgent action requests, and references to seed phrases.
Binance’s Chief Security Officer, Jimmy Su, advised users to verify official channels before taking any action. He highlighted that scammers exploit telecommunication loopholes to manipulate sender IDs and phone numbers.
In response, the Australian government announced plans in December to establish an SMS Sender ID Registry to prevent similar scams. Under new industry standards, telecom companies must verify sender IDs and ensure they belong to legitimate organizations.
The registry is expected to launch by late 2025, with a pilot program introduced in the meantime. The AFP also revealed that Australians lost AUD 382 million to investment scams in the 12 months leading up to last August, with 47% involving cryptocurrency.
