Binance: Phone scammers act on our behalf — and we are powerless

Last week, Binance users were attacked by scammers who sent fake SMS messages about winning the Binance Mystery Box lottery with prizes of around 100 euros in cryptocurrency.

Victims were informed by unknown persons that the offer would expire on the same day and were advised to urgently pick up their winnings by clicking on the link in the SMS message.. After clicking on a malicious link, the context menu prompted the victim to log into his Binance account and provide the necessary passwords.

Binance admitted that the scheme is a typical attempt at a spoofing attack via SMS, when the attacker replaces the sender of the message in such a way that the message on the recipient’s phone is displayed as coming from a trusted source. The goal is to trick the victim into following instructions, stealing confidential data.

The company is powerless in the fight against such fraud, since the technology of the GSM communication system in which SMS messages operate allows the sender to arbitrarily fill in the “sender name” field, Binance said. Mobile operators do not check whether the sender of the SMS has the legal right to use a particular name.

“To close this security loophole in SMS, the whole world will have to modify GSM technology, which seems unrealistic to us,” concludes Binance.

Earlier, the National Agency for Prospective Projects of Uzbekistan (NAPP) announced that the world's largest crypto exchange Binance will be required to pay a fine for operating in the country without a license.