Binance and Coinhako users asked to give passwords and transfer crypto in fake emails, end up getting scammed
Watch out for fake SMS text messages and emails purportedly from cryptocurrency platforms, warned the police.
Users would be informed of fraudulent activities on platforms like Binance and Coinhako, claiming their accounts had suspicious logins or withdrawal requests.
To prevent these breaches, victims were told to contact customer support hotlines, usually starting with +65 3159.
During the call, scammers would guide victims to download the Trust app on their mobile devices to set up a Trust cryptocurrency wallet.
In some instances, victims would get WhatsApp calls from numbers starting with +44, +61, +66, where they were asked to screen-share with scammers to help set up wallets.
They would then be asked to transfer their virtual assets to the newly created wallet for security purposes and to disclose their login details such as usernames and passwords.
Victims only realised they were scammed when the scammers became uncontactable or asked for more transfers.
Since May 2025, there have been at least 31 reported cases of scams involving the impersonation of cryptocurrency platforms.
The police reminded members of the public that licensed crypto platforms in Singapore will never instruct users to transfer their virtual assets to another crypto wallet or account.
Platforms will never request login credentials, two-factor authentication codes, or seed/recovery phrases.
Members of the public are also encouraged to adopt the following precautionary measures:
- ADD – Add the ScamShield app to block calls and filter SMSes. Set transaction limits that are adequate for daily expenses, and lower transaction notification thresholds. Alert the bank immediately of any suspicious activity in your bank account. Activate the money lock feature of your bank to “lock up” a portion of your money so that it cannot be transferred out digitally by anyone. Set strong passwords for your wallets and online accounts. Do not share your private keys, recovery or seed phrases with anyone, and store them in physical form in a secure location. Always enable two-factor authentification for cryptocurrency exchange accounts, wallets, and other related services.
- CHECK – Regularly check your wallets and accounts for unauthorised transactions. Enable account activity notifications if it is available on the platform. Regularly review and revoke the use of high allowances by using blockchain explorers or wallet interfaces. Check for scam signs with official sources such as the ScamShield app. Call and check with the 24/7 ScamShield helpline at 1799.
- TELL – Tell the authorities, family, and friends if or when you encounter scams. If you suspect that you have fallen victim to a scam, call your bank immediately to block any fraudulent transactions and make a police report.
If you are or suspect that you are a victim of cryptocurrency-related crimes, you are advised to do the following immediately:
a. Contact your cryptocurrency exchange to halt further transactions or freeze your account, if possible.
b. Review and revoke any suspicious token approvals using applicable wallet interfaces.
c. If a wallet’s seed phrase is compromised, transfer all remaining cryptocurrencies in the compromised wallet to another wallet immediately.
d. Report the incident to the police. You may also report any fraudulent cryptocurrency phishing websites to CSA’s SingCERT at singcert@csa.gov.sg or via the incident reporting form at https://www.csa.gov.sg/singcert/reporting.
For more information on scams, members of the public can visit www.scamshield.gov.sg.
See something interesting? Contribute your story to us.
