Crypto Exchange Scams: Fake Binance and Coinbase Emails
Cryptocurrency exchange users lost over $3.8 billion to phishing and social engineering in 2025, according to Chainalysis. Binance and Coinbase, as the two largest exchanges by user count, are the most frequently impersonated brands in crypto-related fraud. The irreversible nature of blockchain transactions means that once funds are stolen, recovery is virtually impossible.
If you hold any cryptocurrency on an exchange, these are the scams actively targeting you right now.
Got a suspicious crypto exchange email? Paste it into our free scanner →
Phishing Emails: The Primary Attack Vector
Over 80% of crypto exchange scams begin with a phishing email. The most common templates include:
The security alert:
"Coinbase Security Alert: Unauthorized login detected from IP 185.234.xx.xx (Russia). If this wasn't you, secure your account immediately: [Secure My Account]"
The withdrawal confirmation:
"Binance: A withdrawal of 0.85 BTC ($52,340) has been initiated from your account. If you did not authorize this withdrawal, cancel it within 30 minutes: [Cancel Withdrawal]"
The KYC deadline:
"Your Coinbase account requires identity verification by March 15, 2026. Unverified accounts will be restricted and funds may be frozen. Complete verification now: [Verify Identity]"
Each of these creates panic that drives victims to click before thinking. The links lead to perfect replicas of exchange login pages that capture credentials and 2FA codes in real time, then relay them to the scammer's automated system which logs into the real account and initiates withdrawals within seconds.
Real-Time Phishing: Bypassing 2FA
Modern crypto phishing isn't the crude "enter your password" page of the past. Today's phishing kits use reverse-proxy technology (tools like Evilginx) that sits between you and the real exchange website. When you enter your username, password, and 2FA code on the fake site, the phishing server immediately relays those credentials to the real site, capturing the authenticated session cookie. The scammer then uses that cookie to access your account as if they were you — and your 2FA is completely bypassed.
Got a suspicious email?
Paste it here for an instant analysis.
Free · No signup required · Cmd+Enter to scan
This is why hardware security keys (FIDO2/WebAuthn) are the only 2FA method that reliably protects against phishing. They verify the domain name cryptographically, refusing to authenticate on fake sites regardless of how convincing they look.
Fake Exchange Apps
Counterfeit Binance and Coinbase apps appear on third-party app stores, direct download links in phishing emails, and occasionally even in official app stores before they're detected. These fake apps function identically to the real ones on the surface but send your credentials to the scammer's server.
Always download exchange apps from official sources: direct links on binance.com or coinbase.com, or through official app store listings verified by checking the developer name.
IsThisAScam's 6-layer detection system can analyze suspicious emails, links, and messages related to crypto exchanges, comparing them against our continuously updated database of known phishing domains and scam patterns.
Fake Customer Support on Social Media
The same pattern that plagues other platforms hits crypto exchanges especially hard. Tweet about a Binance or Coinbase problem, and within minutes you'll receive DMs from multiple accounts with names like "Binance_Support_Official" or "Coinbase_HelpDesk."
These fake support agents ask you to share your screen, provide login credentials, or connect your wallet to a "diagnostic tool" (which drains your funds). Some even have elaborate fake ticketing systems that look legitimate.
Real exchange support is accessed only through the exchange's website or app. Binance uses live chat through binance.com. Coinbase uses support tickets through help.coinbase.com.
The "Exchange Migration" Scam
Scammers send emails claiming that Binance or Coinbase is migrating to a new platform and all users must transfer their funds to a new address or create a new account on the "updated" site. The email links to a fake exchange that either collects credentials or provides a wallet address to which victims voluntarily send their crypto.
Airdrop and Bonus Scams
Messages claiming that an exchange is distributing free tokens to celebrate milestones:
"Coinbase is distributing 5,000 ETH to celebrate 100 million users! Claim your share — send 0.1 ETH to this address and receive 1.0 ETH back: 0x7a8B..."
No exchange will ever ask you to send cryptocurrency to receive more cryptocurrency. This is the crypto equivalent of the classic advance fee scam.
Protecting Your Exchange Accounts
- Use a hardware security key (YubiKey, Google Titan) for 2FA — it's the only phishing-resistant method
- If you can't use a hardware key, use an authenticator app (not SMS-based 2FA)
- Bookmark the exchange's official URL and always access it through your bookmark
- Enable withdrawal address whitelisting so funds can only be sent to pre-approved addresses
- Set up withdrawal confirmation emails and review every notification carefully
- Use anti-phishing codes (both Binance and Coinbase offer this feature — a custom word that appears in legitimate emails)
- Consider self-custody (hardware wallets) for long-term holdings
- Never share your screen with anyone claiming to be support
For more on securing your digital assets, see our guide on NFT scams on OpenSea and our comprehensive 2FA setup guide.
If you believe your exchange account has been compromised, immediately contact the exchange's official support, revoke all active sessions, change your password, and report the incident to law enforcement. Time is critical — scammers can drain accounts within minutes of gaining access.
Received something suspicious? Check it now for free →