Cryptocurrency exchanges have always been a prominent target for hackers and other types of cybercriminals. Those concerns will not be going away anytime soon, considering how successful phishing attempts can be. The latest campaign is targeting Binance users and makes mention of an “ERC20 import event”.
Binance Users Beware
It is evident the growing popularity of Binance as a cryptocurrency trading platform has not gone by unnoticed. A lot of people are showing an interest in what the platform has to offer, but not all of this attention is 100% legitimate. Indeed, we’ve seen a lot of phishing campaigns, which are often relatively successful in the world of cryptocurrency.
The latest phishing email to make the rounds is specifically targeted at Binance users. This particular email advises users that the exchange has seen some big improvements. While there is some truth to that claim, the rest of the email should be ignored. There is no ERC20 import event taking place on the exchange, nor will there ever be.
Even so, the phishing email attempts to trick users into importing their ERC20 tokens through their regular Ethereum wallets. This is a clear attempt to steal customer funds, as users are redirected to a completely different website in the process. It looks almost identical to the Binance website, but the website’s address is completely different.
Anyone who follows the guidelines outlined in this email will eventually lose their money. It is unclear if the scammers are mainly interested in the ERC20 tokens or the Ethereum wallet addresses themselves. Even so, any funds linked to one’s address will be pretty much gone in the blink of an eye. It’s not exactly the most sophisticated approach, but one has to acknowledge that these attempts will be successful in one way or another.
What is rather worrisome is that this email was not just sent out to Binance users. Rather, it was also sent to individuals who recently participated in ICOs and other crowdfunding projects. How these addresses were obtained is unclear at this point. It is evident that criminals will utilize any addresses they can get their hands on in the hopes of striking it rich at some point. That is much easier said than done, for obvious reasons.
Whether or not this means we will see another wave of cryptocurrency-oriented phishing attempts remains to be seen. This particular method of attack has proven to be extremely lucrative for criminals over the past few months, and the influx of new users will only make it easier to trick people into giving up their information. Only time will tell if this particular campaign was successful, but we can only hope no one fell for it.