Fraudsters are sending fake SMS messages purporting to be from the Binance exchange, urging users to transfer funds to a fraudulent address under the guise of a supposed hacking threat from the Lazarus group. This was reported by Hong Kong-based Web3 enthusiast and entrepreneur Joe Zhou.
The entrepreneur received a message claiming to be from Binance, sent from the same number that typically sends verification codes. He was warned of an account login from a device in North Korea.
Zhou called the provided number and was instructed to create a new wallet using the SafePal service and transfer his Binance funds there, supposedly as a precaution during an investigation.
The user followed the instructions and began transferring assets. During the process, he consulted a friend working at the exchange and realized he was dealing with scammers who had access to the wallet.
Zhou managed to withdraw some funds before the fraudsters realized they had been exposed. He lacked sufficient funds for the final transaction, allowing the hackers to deposit a small amount of ETH into the wallet and seize the remaining tokens.
According to the victim, the financial losses were ultimately minimal, serving as “another valuable lesson.” He informed law enforcement and the exchange team about the fraudulent activity.
Several LinkedIn users responded to Zhou, stating they had received similar messages. Not all were warned of an attempted access from North Korea—one commentator reported a login attempt from Paris.
In November 2024, fake SMS messages claiming to be from Binance were sent to clients in Europe. The fraudsters reported security issues and advised users to transfer funds to a “safe place”—a fraudulent wallet.
Back in 2022, scammers spread messages about a supposed transaction confirmation with a link to cancel the operation, which led to a phishing site.