It starts with a simple phone call. On the other end of the line is someone who sounds “official” – calm, professional, and claiming to be from customer support. They warn you about urgent “security updates” and guide you to change your API (application programming interface) settings. What feels like a routine safety check quickly turns dangerous. By adjusting those settings, victims unknowingly hand over the keys that let scammers drain funds straight into their own wallets.
This is a new breed of phone impersonation scams sweeping through the crypto space in 2025. The scheme exploits one of the strongest weapons criminals can wield: misplaced trust. By posing as trusted representatives, they bypass natural skepticism and trick users into opening the gates themselves.
Binance’s risk experts are tracking this evolving threat closely, but awareness is your first and strongest defense. In this guide, we’ll break down how the scam works, share its real-world consequences, and most importantly, walk you through the steps you can take to keep your account safe.
A closer look at the scam
It starts with a phone call that can feel legitimate: the number looking “official,” the voice on the other end sounding professional and persuasive, just like a real customer support agent. Using spoofed numbers or voice-over-IP technology, scammers reach out with urgent warnings: “Your Binance account may be at risk. We need to adjust your API settings immediately to secure your funds.”
For many users, this story could sound believable. Binance is known for its focus on security, so the request makes sense. Trusting the caller’s authority, victims log in to their app or website and follow the instructions step by step, unknowingly opening the door to their funds for attackers.
Within hours, those small API adjustments yield major consequences. The scammers exploit the new permissions to initiate withdrawals, siphoning crypto straight into wallets they control.
The technical exploitation
At the heart of this scam is the API – a powerful tool designed for automated trading and account management. By manipulating victims into expanding API permissions, such as enabling withdrawal functions, attackers gain near-total control.
Because these changes appear to come directly from the user’s own device, they slip past initial security checks. On the surface, everything looks normal. In reality, the account is already compromised.
Across social media, frustrated users began sharing warnings of drained wallets and suspicious calls, sparking widespread concern across the crypto community.
Real-world impact
The numbers are sobering. Early estimates indicate that dozens of users were affected, with individual losses ranging from hundreds to several thousand USDT in crypto. But the damage isn’t only financial. Victims describe feelings of shock and betrayal: many believed they were taking steps to protect their accounts, only to discover they had been tricked into handing over control.
The timing made it worse. This wave of attacks hit during a busy trading period in late July, when markets were moving fast and users were more focused on opportunities than on threats. The scammers knew it, and they struck when vigilance was at its lowest.
Binance’s risk mitigation efforts
Our teams work at the frontlines of combating this emerging scheme.
Threat Analysis: We’re tracking call patterns and API misuse to identify and block attacker networks.
Official Communication: Binance never initiates security adjustments via unsolicited phone calls. All legitimate updates come through the app, email (from verified @binance.com addresses), or binance.com.
Rapid Response: Our 24/7 support team can revoke compromised API keys and freeze accounts if you report suspicious activity promptly.
While these measures provide a strong defense, they depend on your active participation to be fully effective.
Self-defense strategies
Protecting your Binance account requires a multi-faceted approach. Here’s how to shield yourself from this and similar threats:
Activate Two-Factor Authentication (2FA): Enable 2FA using the Binance app or a hardware key to add an extra layer of security. This ensures that even if your API is compromised, withdrawals require additional verification.
Implement Passkey for Enhanced Security: Go further by setting up Passkey, a phishing-resistant authentication method, to strengthen your 2FA. Available in the Binance app, Passkey uses biometric or device-based verification, offering robust protection against impersonation attacks—make this a priority.
Verify All Communications: Never adjust API settings based on unsolicited calls or messages. Contact Binance directly through official channels. Reach support via chat or email [email protected] to confirm legitimacy.
Secure Your API Settings: Review your API permissions in the Binance app. Restrict withdrawal access unless absolutely necessary, and rotate keys regularly to minimize exposure.
Monitor Account Activity: Check your transaction history and device logins daily. Set up email or SMS alerts for withdrawals to catch unauthorized activity early.
Educate Yourself on Scams: Read our Know Your Scam blogs and visit Binance Academy for resources that will help you recognize impersonation tactics and secure your account.
Report Suspicious Calls: If you receive a questionable call, hang up immediately, note the number, and report it to our support team with details.
Use a Dedicated Device: Consider using a separate device or browser profile for Binance activities to reduce the risk of cross-contamination from other online interactions.
Pro Tip: If you’ve adjusted your API after a suspicious call, change your password, disconnect your device from the internet, and contact Binance support to revoke all API keys immediately.
Final thoughts
Once again, the rise of fake support calls highlights an important truth: your vigilance is the strongest shield you have.
By staying alert, relying only on official Binance communication channels, and never making API changes at someone else’s direction, you shut the door on these attackers. Adding extra layers of protection, like passkeys and hardware-based 2FA, further hardens your account against impersonation attempts.
Binance is monitoring these threats around the clock and building tools to protect you. But no system is stronger than the combination of user awareness and platform security. Together, we can outsmart scammers, safeguard your assets, and keep the crypto ecosystem secure.
For these and more stories, follow us on X (Formerly Twitter), Facebook, LinkedIn and Telegram. You can also send us tips or reach out at [email protected].
Also Read: Binance Celebrates 8 Years of Crypto Innovation
