On August 26, Binance CEO Richard Teng announced that the Binance team identified a coordinated Binance scam involving fraudulent customer-service calls that urged users to change their API settings. The post confirmed the incident and characterized the calls as social-engineering attempts aimed at compromising account controls.
According to the report, attackers leveraged spoofed numbers and VoIP channels to impersonate Binance support, telling recipients, “Your Binance account may be at risk. We need to adjust your API settings immediately to secure your funds.” This tactic enabled the adversaries to obtain elevated API permissions without direct platform access.
Once granted, those permissions were used to initiate withdrawal operations, routing cryptocurrency to a wallet under attacker control. Users are advised to verify official channels, refrain from sharing credentials, and prioritize API security by auditing permissions and revoking unknown keys immediately.