Phishing scams are a growing threat in the crypto world. In 2024 alone, phishing attacks were responsible for nearly $1.05 billion in losses, according to CertiK’s Web3 Security Report. In early 2025, scammers stole millions more through sophisticated schemes like zero-value transfers and fake wallet upgrades. Adding to the risk, AI-powered phishing scams are on the rise, enabling attackers to craft highly personalized messages, fake support chats, and even deepfake calls that are harder to detect and faster to deploy.
Inflows and deposits from AI-powered scams | Source: ChainalysisAs a BingX user, you’re part of a fast-growing crypto ecosystem, but with opportunity comes risk. Scammers are constantly finding new ways to trick users. Fake websites, impersonated messages, and even AI-generated phone calls are now part of phishing playbooks.
This guide will help you understand how crypto phishing works, how to recognize a phishing scam, and the tools BingX provides to protect your assets. From email traps to malicious browser pop-ups, we’ll break it down step-by-step so you can trade with confidence.
What Is a Crypto Phishing Scam?
A crypto phishing scam is a type of cyberattack where scammers pretend to be someone you trust, like a crypto exchange, wallet provider, or customer support agent, to steal your sensitive information. Their goal is to gain access to your private keys, wallet seed phrases, or account login credentials so they can take control of your crypto assets.
Phishing scams take many forms, including:
1. Email phishing: These are fake emails that closely mimic legitimate platforms. They use copycat logos, designs, and even sender names to trick you into clicking malicious links or downloading harmful files. For example, an email claiming there’s an issue with your account that needs immediate attention.
2. Smishing (SMS phishing): Scammers send urgent-looking text messages that appear to be from your exchange or wallet app. These texts often include dangerous links disguised as account alerts or promotional offers. For instance, a text message offering a fake airdrop or bonus reward that requires you to click a link.
3. Vishing (voice phishing): You may receive a call from someone pretending to be a crypto platform representative. They might ask for your 2FA code, password, or seed phrase under the pretense of helping you with an issue. For example, a phone call from someone claiming to be from BingX support, asking for verification details.
4. Fake browser pop-ups: Some phishing attempts use deceptive pop-ups or overlays that appear when you visit fake or infected websites. These pop-ups might ask you to re-enter your wallet password or perform a fake security check.
Once you click the link or provide your information, the scammer captures your data. They may then log in to your account, drain your funds, or even transfer ownership of your wallet.
These phishing tactics are crafted to look as real as possible. But if you pause, inspect the details, and understand how these scams work, you can avoid falling for them. In the next section, you’ll learn how to recognize the warning signs before it's too late.
What Are Some Common Types of Crypto Phishing Attacks?
Phishing scams in crypto come in many forms, and they’re getting more advanced. Attackers use emails, text messages, fake websites, phone calls, and even AI to trick you into giving up your private keys or login credentials.
Let’s break down the most common phishing tactics and how they work, so you know what to watch out for.
1. Fake Emails (Email Phishing)
Example of an email phishing attemptEmail phishing is one of the oldest and most common tactics scammers use to target crypto users. These emails are carefully designed to look like they’re from trusted platforms such as BingX or other top crypto exchanges. Scammers often copy the platform’s logo, formatting, and writing style to appear convincing.
You might receive an email warning about suspicious account activity or asking you to verify your identity. These messages usually include a link that looks official, but it leads you to a fake website. The goal is to make you panic and click without thinking.
Tip: Always look at the sender's email address or typos closely. If it seems unusual or unfamiliar, don’t click anything.
2. Fake Websites (Copycat Sites & URL Spoofing)
Example of URL spoofing phishing attackFake websites are designed to mimic the login pages of real crypto platforms. Scammers create domains that look almost identical to the official ones, using tricks like swapping letters or adding extra characters. For example, bingx-secure.com instead of bingx.com.
If you enter your password, seed phrase, or 2FA code on one of these fake sites, the attacker can immediately access your account and steal your funds.
Tip: Bookmark the official BingX website and always access it directly, rather than clicking on links from emails or messages. Double-check the URL before logging in.
3. Smishing (SMS Phishing)
Example of a smishing (SMS phishing) attack | Source: Berkeley IT Lab
Smishing is a type of phishing attack that uses text messages to trick you into clicking malicious links. These messages are designed to look like they’re from your crypto exchange or wallet app. They often create a false sense of urgency, warning you of a suspicious login, offering a fake airdrop, or requesting immediate account verification.
For example, a user may receive an SMS such as, “🚨 Your BingX account is at risk. Click here to verify your identity now: http://bit.ly/bingx-help-center.” The links included usually lead to fake websites that steal your login details or wallet information.
Tip: Avoid clicking on links in unsolicited messages. Always verify alerts by logging into your account through the official app or website.
4. Vishing (Voice Phishing)
Vishing involves phone calls from scammers pretending to be BingX support agents, exchange staff, or bank representatives. The caller might claim there's suspicious activity on your account and ask for sensitive details like your 2FA code, password, or seed phrase to "help secure your funds."
These calls often use caller ID spoofing and AI-generated voices to sound convincing. But once you provide your information, the scammer can take over your account and transfer your assets.
Warning: BingX will never call you to request passwords, seed phrases, or verification codes. If you receive such a call, hang up immediately and report it.
5. Zero-Value Transfers & Address Poisoning
How an address poisoning scam works | Source: Chainalysis
This phishing tactic targets your transaction history, not your inbox. Scammers send zero-value token transfers from wallet addresses designed to look like your own, often matching the first and last few characters.
Later, when you go to send crypto and copy a recipient address from your recent transactions, you might mistakenly choose the scammer’s lookalike address. Since it appears familiar, you may not realize you’ve been tricked until it’s too late. For instance, in May 2025, a user lost $2.6 million in USDT in just three hours after falling for this trick twice. The scammer exploited address poisoning and transaction history to intercept two large transfers.
Defense Tip: Always double-check the entire wallet address before sending funds. Don’t rely on the first and last few characters. Consider using address labels or trusted address books within your wallet or exchange.
6. AI-Powered Phishing Attacks
How an AI-powered phishing scam operates | Source: WeSecureApp
Artificial Intelligence (AI) has given scammers new ways to make phishing attacks more convincing, scalable, and dangerous. Chainalysis reported that in 2025, over 60% of scam-related deposits were linked to AI-powered phishing campaigns. These scams are not only growing rapidly, they’re becoming harder for users to recognize.
AI tools allow attackers to:
• Generate realistic fake support conversations using chatbots that mimic official tone and formatting
• Create deepfake videos or voice calls that sound like real exchange representatives or even people you know
• Send personalized phishing emails using your name, transaction history, or platform usage patterns
These attacks are harder to detect because they feel more human and relevant. Some even include fake 2FA requests or security alerts that closely match real messages.
For instance, scammers could send posing as BingX’s “Security Operations Team,” claiming that users need to verify their identity due to unusual account activity. The emails could use BingX branding, including a fabricated anti-phishing code, and link to a realistic fake login page. The same scammers could also make fake follow-up calls using AI-generated voices that mimick BingX support agents. Victims who enter their credentials on the fake site could have their accounts drained within minutes.
Security Reminder: If a message or call feels unusually personalized or offers high rewards for quick action, pause and verify. Go directly to the official app or website instead of responding to emails, pop-ups, or DMs.
7. Telegram Phishing (Fake Bots and Admins)
Example of Telegram phishing attack | Source: Bank of Singapore
Telegram is a popular platform for crypto communities, but also a hotspot for phishing scams. Scammers often create fake BingX bots or impersonate admins, sending users direct messages about giveaways, trading errors, or urgent account issues.
They may include malicious links, ask for your seed phrase, or direct you to a fake BingX support portal. These messages often use BingX’s logo and language to appear legitimate, and may even include screenshots to look more convincing.
For instance, you join a BingX community, and a “support bot” DMs you offering to fix a deposit error. It asks for your wallet recovery phrase to "complete the refund." Once entered, your funds are gone.
Remember, BingX official staff will never add friends privately. Any Telegram account pretending to be BingX official staff is fake, please do not believe it.
Tip: BingX admins will never DM you first. Always verify with the official group and report suspicious users or bots immediately.
8. App Store Phishing (Fake Apps)
Fake crypto app listing on an app store | Source: Sophos
Scammers also target users through fake mobile apps. These apps may appear in third-party app stores, or even temporarily sneak into official ones, masquerading as legitimate tools from BingX, wallets, or trading platforms.
These apps look and behave like the real thing but are designed to harvest your login credentials, track keystrokes, or mimic wallet interfaces to steal funds.
Consider an example: a user downloads what looks like the BingX mobile app from a third-party app store. After logging in, the app sends their credentials to attackers, who then drain their account.
Tip: Always download apps from verified sources, such as the official BingX website, Apple App Store, or Google Play Store. Double-check the developer name and app reviews before installing.
9. Social Media Phishing (Fake X/Twitter Accounts & Giveaways)
Example of a Twitter/X phishing scam | Source: Kaspersky
X (formerly Twitter) is a key platform for crypto news and updates, but it’s also a prime target for phishing scams. Attackers impersonate official BingX or influencer accounts, often promoting fake giveaways or airdrops that require you to “verify” your wallet or sign a transaction. These scams can include doctored screenshots of fake replies from verified users, QR codes, and malicious links disguised as legitimate event pages.
For example, a fake @BingX_Exchange account may reply to trending threads with posts like: “🎉 BingX is giving away 5,000 USDT to celebrate our new listing! Connect your wallet to claim: [phishing link].” These pages often steal private keys or trick users into signing a malicious contract.
Tip: Never trust giveaway links from replies or DMs. Always cross-check announcements via the official BingX X account (@BingXOfficial) or website.
10. Fake Chat App Phishing (Zoom or WhatsApp Impersonation)
Example of a Zoom phishing scam | Source: BleepingComputer
Phishers increasingly exploit video conferencing tools like Zoom, Microsoft Teams, or WhatsApp to impersonate exchange staff or crypto advisors. You might receive a calendar invite or message claiming to offer technical support, investment help, or “portfolio reviews.” These scams are often staged to build trust first, and then push you into screen sharing or entering sensitive information during the call.
In one tactic, scammers posing as BingX “account recovery specialists” invite victims to a Zoom meeting to resolve a trading issue. During the call, they ask users to log in to their wallet or trading account, often persuading them to reveal their 2FA code live on-screen. Minutes later, the victim’s funds vanish.
Tip: BingX does not conduct account reviews via Zoom or private messaging apps. If someone claims to represent BingX and asks to schedule a call, report and block them.
Why Do Phishing Attacks Succeed?
A phishing scam, especially in the world of crypto, relies on urgency, fear, and familiarity. Scammers want you to react quickly, before you think. They mimic trusted platforms and use technology to hide their true intent.
But once you understand how these attacks work, you’ll be able to spot them more easily and take the right steps to protect your assets. In the next section, we’ll show you exactly how to recognize a phishing scam, and the red flags you should never ignore.
How to Spot a Phishing Scam: Top Tips
Phishing messages often look convincing, but a few red flags give them away.
1. Generic Greetings & Urgent Tone: Scammers rarely address you by name. Instead, they start with vague phrases like “Dear user” or “Account holder.” They use urgent language, claiming your account is at risk or a transaction needs verification. Their goal is to make you panic and act fast.
2. Grammar and Spelling Mistakes: Professional platforms like BingX don’t send messages with sloppy grammar. Phishing emails often contain spelling errors, awkward phrasing, or inconsistent formatting.
3. Mismatched URLs and Short Links: Hover over any link before clicking. If the URL doesn’t match the official domain, bingx.com, don’t trust it. Scammers use shorteners (like bit.ly) or lookalike domains to hide fake links.
4. Impersonated Domains and Sender IDs: Attackers might send emails from addresses like support@bingx-secure.com or text you from a spoofed sender ID. Even if it looks legitimate at a glance, always check the full address. When in doubt, go directly to the BingX website or app.
How to Avoid Phishing Scams as a BingX User
Staying safe in crypto requires both smart habits and the right tools. Here’s how to protect your BingX account and digital assets.
1. Maintain Personal Vigilance
• Bookmark Official Sites: Always access BingX through the official URL: www.bingx.com. Don’t click links from emails or messages unless you're sure they’re real.
• Use Strong, Unique Passwords: Create complex passwords for each of your crypto accounts. Use a password manager to store them safely.
• Enable Two-Factor Authentication (2FA): Turn on 2FA for both your BingX account and your email. This adds an extra layer of security, even if your password is leaked.
• Update Your Software: Keep your phone, apps, and antivirus software updated to defend against malware and phishing tools.
• Avoid Public Wi‑Fi or Use a VPN: Don’t log in to crypto platforms over unsecured networks. A trusted VPN adds a layer of protection.
2. Use BingX-Specific Security Features
BingX offers powerful tools to help secure your account.
1. Set Up an Anti‑Phishing Code: When enabled, this code appears in all official emails from BingX. It helps you verify that the message is real. You can activate it in the “Account & Security” section of your BingX profile. Here's a guide to help you set up an anti-phishing code on your BingX account.
BingX anti-phishing code
2. Enable Withdrawal Whitelist: This feature allows you to pre-approve wallet addresses for withdrawals. Even if someone gains access to your account, they can't send funds elsewhere.
Withdrawal whitelist on BingX
3. Use the Account Lock Feature: If you detect suspicious activity, use the one-click account lock to freeze access and stop any ongoing threats.
Lock your BingX account on suspicious activity
4. Verify Official Channels: Only download the BingX app from the App Store, Google Play, or the official BingX website. Double-check support links and community pages through BingX's verification portal.
BingX Verify
3. Leverage BingX's Platform-Level Authentication
Behind the scenes, BingX uses advanced email verification standards like DKIM, SPF, and DMARC. These protocols help block spoofed emails and ensure official messages truly come from BingX.
Still, it’s up to you to recognize signs of phishing and avoid clicking on risky links.
What to Do If You Suspect a Phishing Scam?
If you suspect a phishing attack, act fast. Time is critical.
1. Disconnect Immediately: Change your passwords right away. Start with your BingX account, email, and any linked wallets. Revoke active sessions on all devices. Log out everywhere and avoid using compromised devices until they’re scanned for malware.
2. Contact BingX Support: Reach out to BingX’s official support team at support@bingx.com or via the in-app chat. If necessary, create a new account and explain the situation to support staff.
3. Transfer Assets to a Safe Wallet: If your wallet is compromised, move your funds to a new, secure wallet. Use a hardware wallet or one you’re sure is clean and under your control.
4. Report the Scam: Don’t stay silent. Report the incident to: BingX support, relevant authorities in your country (e.g. FTC in the U.S.), and crypto security communities (to alert others). Your report could help recover stolen funds, or prevent others from becoming victims.
Conclusion: Stay Informed, Stay Secure
Phishing scams are constantly evolving, but with the right tools and knowledge, you can stay ahead. The best defense starts with awareness and ends with action.
Stay updated by following trusted security sources like Chainalysis, CertiK, and Scam Sniffer. These platforms share real-time alerts on phishing campaigns, crypto hacks, and new scam tactics.
BingX also provides ongoing updates, webinars, and safety tips through its official channels. Make sure you’re connected to the latest security developments via the BingX blog and BingX Academy.
But don’t stop there, make sure to spread the word. Share what you’ve learned with friends and family. Helping others recognize phishing risks makes the entire crypto community safer.
Here’s a quick recap of what you can do:
• Be skeptical of urgent messages and suspicious links
• Bookmark official websites and avoid shortcuts
• Use strong passwords, 2FA, and enable your anti-phishing code
• Activate the withdrawal whitelist and lock your account in emergencies
• Keep all your devices and security tools up to date
Your BingX account, and your crypto assets, are worth protecting. Stay safe. Stay in control.
