TLDR
- Australian authorities identified over 130 victims of Binance cryptocurrency exchange impersonation scams
- Scammers contacted victims via SMS and encrypted messaging with fake verification codes appearing in legitimate message threads
- Victims were instructed to transfer funds to “trust wallets” controlled by scammers
- Once transferred, funds were quickly moved through networks of wallets making recovery nearly impossible
- Australian Federal Police launched Operation Firestorm in 2024 to disrupt offshore crime networks targeting Australians
The Australian Federal Police (AFP) has issued an urgent warning to cryptocurrency users after identifying more than 130 potential victims of a sophisticated impersonation scam targeting customers of the Binance cryptocurrency exchange.
On March 20, 2025, authorities sent a text and email blitz to alert victims about the scam. The victims were identified through messages found on an end-to-end encryption platform as part of Operation Firestorm.
The scammers contacted victims through SMS and encrypted messaging platforms. They claimed to be Binance representatives warning that the victims’ cryptocurrency accounts had been breached.
These messages contained fake verification codes and often appeared in legitimate existing message threads from Binance. This spoofing technique made the messages seem more believable to customers.
The fraudulent messages included a support phone number for victims to call. When targets called this number, they were told their accounts were at risk.
The scammers then instructed victims to protect their funds by transferring cryptocurrency to a “trust wallet.” These wallets were actually controlled by the scammers, allowing them to steal the assets.
AFP Commander Cybercrime Operations Graeme Marshall explained the challenge of recovering stolen funds. Once transferred to scammer-controlled accounts, the funds were quickly moved through a network of wallets and money laundering accounts.
“The AFP has worked closely with our partners at the NASC to ensure any victims in Australia targeted by these scammers were identified swiftly,” Commander Marshall said.
The NASC refers to the National Anti-Scam Centre, which partnered with the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) in this operation.
Warning to Anyone Receiving SMS
Authorities are urging anyone who received the warning SMS or email from the NASC to take it very seriously. Victims who have already transferred cryptocurrency to a trust wallet should immediately report it to their bank or digital currency exchange.
They should then report the incident to police via ReportCyber, quoting reference number AFP-068. Quick action may help limit further damage, though recovery of funds remains difficult.
Australian Competition and Consumer Commission Deputy Chair Catriona Lowe highlighted how impersonation scams have become increasingly common. “Impersonation scams rely on people trusting that the text, email or phone call they get is legitimate,” Ms. Lowe said.
Scammers go to great lengths to create the appearance of legitimacy. This makes it harder for even cautious users to identify fraudulent communications.
The ACCC advises all Australians to verify any communication they receive. This can be done by contacting organizations directly using official contact details from their website or app.
Binance Chief Security Officer Jimmy Su emphasized that protecting users is the company’s top priority. “Scammers often impersonate trusted platforms by exploiting telecom loopholes to manipulate sender names and phone numbers,” Mr. Su explained.
Binance Verify
He recommended that users verify communications using Binance Verify, the company’s tool for confirming official channels. Users should never share sensitive information like seed phrases or transfer funds under pressure.
The cryptocurrency scam was identified as part of Operation Firestorm. This global operation was launched in 2024 to address and disrupt offshore crime networks targeting Australians through various scams.
The AFP worked with international law enforcement partners to identify the Australian victims. This collaboration is part of ongoing efforts to combat cybercrime across borders.
Authorities have shared several warning signs to help people identify similar scams. These include unsolicited contact about account breaches, pressure to act quickly, and requests to provide sensitive information or transfer money.
To protect themselves, cryptocurrency users should verify requests through official channels. They should not click on links or download attachments from unsolicited messages.
Users should be wary of urgent requests and keep their devices secure. They should never share personal information, especially seed phrases which provide access to cryptocurrency wallets.
This coordinated response comes amid rising concerns about cryptocurrency scams in Australia. Last month, the Australian Competition and Consumer Commission warned about the potential impact of relaxed crypto regulations in the United States under President Donald Trump’s administration.
The ACCC’s annual scam report revealed Australians lost over $1.3 billion to investment scams in 2023. Cryptocurrency scams were a major contributor to these losses.
