security

加密貨幣的普及不再僅僅關乎更快的鏈、更低的費用或更大的流動性。接下來的真正戰鬥是信任。
幣安據說通過人工智能阻止了超過$10.5B的欺詐嘗試，這不僅僅是一次安全更新。這是一個信號，表明行業正進入一個更嚴肅的階段，在這個階段，保護、預防和智能風險系統與交易量同樣重要。
詐騙、釣魚鏈接、錢包抽水、假平臺和社會工程攻擊一直是加密貨幣最大的弱點之一，尤其是對於新用戶。如果人工智能能夠更早地檢測可疑行爲，更快地阻止有害活動，並在資金損失之前保護用戶，那麼這將超越交易所安全，變得更加重要。

金融行業的網絡攻擊達到了一個關鍵水平，焦點從技術漏洞轉向了物理和心理壓力。2026年4月成爲歷史新高：被盜金額超過$635百萬。朝鮮黑客負責76%的所有損失。此外，使用暴力的“扳手攻擊”增加了41%。惡意攻擊者越來越多地使用勒索和人工智能來對資本所有者進行精準恐嚇。

$BNB $BTC #cryptocurrency #Binance #CryptoScams #Security #OnlineFraud
Alternate headlines:
• From Phishing to Rug Pulls: How Crypto Scammers Target You (and How to Protect Your Binance Wallet)
• Common Crypto Scams Uncovered: Phishing, SIM Swaps, Fake Apps and More
• Crypto Fraud and Binance Security: How Thieves Steal Coins and Ways to Stop Them
Meta description:
Crypto scams lead to huge losses. Learn how phishing, SIM swaps, fake apps, rug pulls and more work — and how to keep your Binance account safe.
Author: Jane Doe is a cybersecurity journalist specializing in blockchain and crypto security.
_____________________________________
Executive Summary
Crypto scams are rampant, exploiting the irreversible and global nature of digital assets. In 2025 alone, Chainalysis estimates thieves stole a record $17 billion via various crypto scams. Scammers use tactics like phishing emails, SIM-swap attacks, fake mobile apps, “rug pull” exit scams, and even exchange hacks to steal coins. This article explains each scam type, with real examples, and offers clear prevention and recovery steps for Binance users. Key measures include using strong passwords, enabling 2FA and anti-phishing codes, activating withdrawal whitelists, and verifying any unusual contact through official channels. A comparison table summarizes scam methods, warning signs, and safeguards. By following these best practices and staying vigilant, users can greatly reduce the risk of losing their crypto. Future trends like AI-driven scams and stronger law-enforcement cooperation suggest the battle between scammers and defenders will continue to evolve.
Introduction
Cryptocurrency’s appeal — global transfers, privacy, and irreversible transactions — also makes it a target for fraud. Scammers can move stolen coins anywhere worldwide, often staying anonymous. Traditional fraud techniques have migrated to crypto (e.g. phishing and romance scams), and new methods unique to digital assets have emerged. According to industry data, crypto crime has surged: we estimate $17 billion was stolen in scams in 2025, with identity-impersonation attacks spiking 1400% year-over-year. In this landscape, crypto beginners and intermediate users alike need to understand how scammers operate and how to defend themselves. This article covers the most common crypto scams — from phishing to rug pulls — with real case studies and technical details, then provides step-by-step security advice for Binance users and a handy quick-checklist.
Common Scam Types
Scammers use a variety of methods to steal crypto. Key types include phishing, SIM swapping, fake apps, rug pulls/exit scams, social engineering impersonations, and exchange hacks. Each exploits different vulnerabilities:
• Phishing: Fraudsters send emails, messages or websites impersonating Binance (or other crypto services) to trick users into revealing login credentials or seed phrases. For example, an email may claim your account has an issue and direct you to a slightly spoofed URL (e.g. bistina.com instead of binance.com). If you log in on the fake site, the scammer captures your username, password, and even 2FA code. Crypto phishing kits and “phishing-as-a-service” tools make these attacks easy to launch at scale.
Warning signs: Unexpected emails from Binance, poor grammar, missing the personal Anti-Phishing Code in legitimate messages, or any request for private keys.
Prevention: Always check sender domains, use the official Binance app or bookmarks, enable Binance’s Anti-Phishing Code (which appears in genuine emails), and remember Binance will never ask for your password or full 12-word seed phrase.
• SIM Swap (Number Hijacking): Here attackers trick your mobile carrier into transferring your phone number to their device. With control of your number, they can intercept SMS-based 2FA codes or password resets. Victims have reported watching their crypto balances drain in real-time after a SIM swap. In one case, a Florida family lost ~$75,000 from Coinbase when criminals took over their phone and used the 2FA code sent via SMS.
Warning signs: Sudden loss of phone signal, unusual “SIM changed” alerts, or inability to send SMS/receive calls for a brief time.
Prevention: Use app-based authenticators (Google Authenticator or Binance Auth) instead of SMS 2FA. Set a PIN or extra password with your carrier (many allow a secret code on your line), and ask for protections like a PIN or voice-print with your mobile provider. Enable Binance’s advanced security settings (below) so that an attacker alone cannot easily withdraw funds.
• Fake Mobile/Desktop Apps: Scammers create counterfeit cryptocurrency wallets or exchange apps that appear legitimate. For instance, security researchers found over 20 malicious apps on Google Play posing as known wallets (SushiSwap, PancakeSwap, etc.). These apps typically include a fake login flow where any seed phrase or password you enter is sent to the attacker, allowing them to empty your real wallet.
Warning signs: Apps that have few reviews, many typos, lack a verified publisher name, or ask for the full seed phrase.
Prevention: Only download Binance apps from official sources (Binance.com or verified app stores). Never paste your 12-word private wallet seed into an app or website. If an app asks for your seed or private keys, assume it’s malicious. As Binance’s security team warns: never share your seed phrase or 2FA codes with anyone.
• Rug Pulls (Exit Scams): In decentralized finance (DeFi), scammers can lure investors into a new token or project and then “pull the rug” by draining the project’s liquidity. The SQUID Game token (inspired by Netflix’s show) is a notorious example: it spiked to over $2,800, then its developers withdrew $3.38 million from the liquidity pool and stopped trading, collapsing the price to nearly zero. In that scheme, a hidden smart-contract restriction prevented holders from selling before the rug pull.
Warning signs: Promises of unrealistically high returns, anonymous or unverified team, disabled comments on social media, poor website quality, or code that blocks selling.
Prevention: Exercise extreme caution with new altcoins or DeFi projects. Do thorough research: check if contracts are audited, whether liquidity is locked, and if the token devs have any reputation. Stick to well-known coins when in doubt.
• Social Engineering / Impersonation: Scammers prey on trust and authority. They may pose as Binance support agents, famous influencers, or even friends on Telegram/WhatsApp. A new scheme involves fraudulent phone calls: scammers spoof Binance’s number and warn of “security issues,” then guide victims through changing API settings. Trusting the caller, victims unwittingly enabled withdrawal permissions on their API keys, letting attackers drain their accounts.
Warning signs: Unsolicited calls or messages asking for sensitive actions (like changing account settings). Offers of guaranteed profits, or someone rapidly building rapport on social media or dating apps to pitch investments.
Prevention: Remember that Binance will never ask you to adjust security settings via phone or chat. Always hang up if a caller pressuring you about your account. Independently verify by contacting Binance support through official channels. Do not trust requests for your passwords, 2FA codes, or API keys from anyone.
• Exchange or Wallet Hacks: Sometimes hackers attack the exchange or service itself. For example, in May 2019 Binance suffered a breach: attackers used phishing emails and malware to steal user API keys and 2FA tokens, then withdrew 7,000 BTC (~$40M) from Binance’s hot wallet. (Binance covered all losses with its SAFU fund.) While individual users couldn’t have prevented that hack, it highlights why some people choose hardware wallets or avoid leaving large balances on any exchange.
Warning signs: Unusual account activity, large unauthorized withdrawals, or announcements from Binance about a breach.
Prevention: As an end-user, ensure your personal security is tight (strong password, 2FA, up-to-date software). Monitor official Binance news channels for announcements. Keep only necessary funds on exchanges and consider using hardware wallets for long-term storage.
Real-World Case Studies
Putting a spotlight on specific incidents helps illustrate these dangers:
• Binance 2019 Hack: Attackers orchestrated a large-scale breach on May 7, 2019. By tricking users through phishing and installing malware, they obtained many users’ API and 2FA credentials. They used these to withdraw 7,000 BTC (~$40M) in one transaction. Binance detected the theft too late to block it, but reassured users all losses would be covered. This shows how even “trusted” platforms can be targeted, and why personal defenses like 2FA and whitelist are vital.
• Fake Support Phone Scam (2025): In late 2025, Binance warned of a new “vishing” scam. Victims received spoofed calls claiming to be Binance security, then followed step-by-step instructions to “adjust API settings” to safeguard their accounts. In fact, this granted scammers permission to withdraw funds via the API. Dozens of users lost hundreds to thousands of USDT before realizing the truth. After the scam, Binance advised never to make account changes from unsolicited calls, and to immediately report such attempts.
• SQUID Token Rug Pull (2021): SQUID Token Rug Pull (2021): In Nov 2021, scammers launched a “Squid Game” themed token (ticker SQUID). The token price rocketed from $0.01 to $2,861 as investors poured in. However, a secret contract code prevented anyone from selling. On Nov 1, the developers executed their plan: they withdrew $3.38 million from the liquidity pool and disappeared. The token price crashed to near zero within minutes, leaving investors with worthless assets. Analysts later noted red flags: no ties to the Netflix brand, disabled social media comments, and a suspicious smart contract design. This case underscores the importance of researching projects before investing.
• SIM Swap Theft (2021): A family in Florida saved for years and held ~$75,000 in crypto. On May 9, 2021, the husband found his account drained to just $2,000. The next day he learned his T-Mobile number had been hijacked around the time of the theft. An FBI forensics report showed the attacker logged in from a new device by using the victim’s password and the SMS 2FA code sent to the hijacked number. Unfortunately, even though Coinbase was insured, it honored the proper security protocol used by the thief, so the victims were not reimbursed. This personal story highlights how easily SIM swaps can bypass SMS-based 2FA and drain accounts.
These examples show that scammers exploit both technology (phishing websites, smart contracts) and human trust (social engineering). Below image is a concise comparison of common scam types:

Table: Common crypto scam types, how they work, warning signs, and preventive measures (compiled from Binance Academy and security reports)
How These Attacks Work (Technical Attack Vectors)
• Phishing Kits and Malware: Scammers often buy “phishing kits” that automate sending fake Binance emails with cloned login pages. These pages may run in a background WebView inside a fake app or site. Malware like keyloggers or clipboard hijackers can also steal credentials on a device.
• Credential & 2FA Theft: In phishing or SIM swaps, attackers obtain your password and 2FA tokens. SMS 2FA is vulnerable because SIM hackers can receive codes. Binance Authenticator or hardware keys resist SIM attacks. Attackers may also try clipboard-grabbing malware that replaces copied crypto addresses.
• Smart Contract Exploits: In rug pulls, scammers write malicious code into a token’s smart contract (for example, disabling sell operations). This requires understanding of smart contract programming. Once the trap is set, they can withdraw liquidity, effectively stealing the funds back.
• API Manipulation: Binance API keys are meant for automated trading, but if a user unknowingly grants full access (including withdrawals) to an attacker’s key, funds can be moved out. The fake-support calls manipulated victims into expanding API permissions without noticing
• Infrastructure Attacks: Large hacks may involve breached servers or stolen signing keys. The 2019 Binance hack likely exploited internal systems (like getting user API keys and 2FA from logs). Criminals also use anonymizing infrastructure (bulletproof hosting, VPNs) to hide their tracks.
In summary, scammers blend social engineering with technical exploits. They capitalize on human error (clicking links, trusting callers) and sometimes actual software vulnerabilities (malware, code loopholes). The depth of their tactics underscores why multiple layers of protection are needed.
How Binance Users Can Protect and Recover Their Funds
Secure Your Account Setup: Always register on the official Binance website or app. Create a strong, unique password that you only use on Binance. Immediately enable two-factor authentication (2FA). Binance supports Google Authenticator, Binance Authenticator app, and hardware keys (Passkey). 2FA is critical: even if someone steals your password, they cannot log in without the time-sensitive code.Anti-Phishing Code: Set up Binance’s Anti-Phishing Code in your account. This is a custom code or word that appears in every legitimate Binance email or SMS. Before opening any Binance email, verify the code is present and correct; if it’s missing or wrong, delete the message as it’s likely fake.Withdrawal Whitelist: Enable the withdrawal address whitelist in Binance’s security settings. Only pre-approved addresses can receive withdrawals from your account. This way, even if a hacker gains access, they cannot withdraw crypto to unknown wallets. For example, Binance notes that whitelisting prevents a fraudster from moving funds away if your account is compromised.Strong Email and Device Hygiene: Use a secure, unique email address for Binance, preferably with 2FA. Never click links in unsolicited emails or messages; instead, go to Binance.com by typing the URL or using a bookmark. On your devices (PC/smartphone), keep operating systems and antivirus software up to date, avoid jailbreaking/rooting, and only install apps from official stores. If using public Wi-Fi, avoid accessing exchange accounts.Verify Communications: Be skeptical of any message or call about your account. Official Binance communications come from verified @binance.com addresses or via the Binance app. Binance explicitly warns: they will never phone you to make security changes. If you get an urgent call or DM, hang up immediately. Binance advises reporting suspicious calls by noting the number and notifying Binance support.Monitor Account Activity: Regularly check your Binance login and withdrawal history. Enable alerts: Binance can send you notifications for logins, withdrawals, and changes to account settings. If you see any unknown activity, change your password, disable withdrawals, and contact Binance support at once.Recovery Steps: If you suspect a compromise, immediately: (a) Disconnect your device from the internet; (b) Change your Binance password and revoke all API keys; (c) Turn off or rotate 2FA (in case it was leaked); (d) Contact Binance’s 24/7 support and ask them to temporarily freeze withdrawals on your account. File reports with local law enforcement or fraud bureaus, and if U.S.-based, report to IC3 (the FBI’s Cyber Complaint Center). Keep any transaction IDs or communication logs — these may help in tracing or recovery. Remember, while Binance’s SAFU fund covers exchange-side breaches, individual user errors usually rely on personal vigilance for protection.
Checklist & Quick Tips
Use Strong Passwords & 2FA: Always enable two-factor authentication (prefer authenticator apps or hardware keys over SMS).Enable Anti-Phish Code: Customize it in your Binance profile; check it on every email from Binance.Whitelist Withdrawal Addresses: Only allow trusted addresses for withdrawals.Bookmark Official Sites: Access Binance only via official links (e.g., bookmark binance.com) to avoid typosquatting domains.Verify Website SSL: The real Binance site has a valid HTTPS certificate from a trusted issuer; be wary of certificate warnings.Update & Secure Devices: Keep your computer/phone OS and apps updated. Don’t install unknown software.Check Social Media: Only follow Binance’s verified accounts. Scammers often create imposter accounts claiming to be support.Watch for Red Flags: Unrealistic investment promises, “urgent” pressure, or anyone asking for your private keys/email password are always scams.Use Cold Storage: For large or long-term holdings, consider a hardware wallet instead of leaving all funds on an exchange.Stay Informed: Educate yourself on common scams. Binance Academy and blogs regularly publish security articles (see Recommended Readings).
Conclusion and Future Outlook
Crypto scammers continue to innovate, but so do defenders. Blockchain transparency and law enforcement have led to record seizures — for example, authorities recovered 61,000 BTC (worth billions) in 2025 from global crypto crimes. This shows that even though transactions are irreversible, they are traceable on-chain. As the industry matures, exchanges like Binance are implementing stricter project vetting and user protections (e.g. SAFU insurance, fraud monitoring). Looking ahead, emerging threats (AI-generated deepfakes, advanced social-engineering tools) will require users to stay vigilant and for platforms to adopt stronger security measures. By combining technical safeguards (2FA, whitelists) with informed skepticism of scams, crypto users can significantly reduce risk. Remember: in cybersecurity, your vigilance is the best shield — stay cautious, double-check anything unusual, and use all tools Binance provides to keep your crypto safe.

大消失
在加密貨幣的世界裏，我們見識過很多：從天才級的黑客攻擊到愚蠢的代碼錯誤。但最近發生在CBEX平臺的案例，聲稱要被評爲“2026年最無恥的欺詐提案”。這是一個關於開發者的冷酷與受害投資者的無盡希望相遇的故事。