SIM swap attacks have become increasingly rampant in recent years. Quite a few crypto holders have had their phone numbers hijacked, resulting in their entire account balances being drained. It sounds scary, but if you take the right precautions ahead of time, you can reduce the risk to a bare minimum. Today I'll walk you through how to properly configure SIM-related security settings on the Binance official website. I'd recommend downloading the Binance official app so you can manage everything on the go. Apple users can follow the iOS installation guide.
What Is a SIM Swap Attack
Let's start with the basics. In a SIM swap attack, a bad actor uses various methods—such as social-engineering your carrier's customer service or forging your identity documents—to get your carrier to transfer your phone number to a new SIM card they control. Once that happens, your original SIM loses signal, and every SMS verification code sent to your number goes straight to the attacker.
You might wonder what this has to do with Binance. A lot, actually. If your Binance account uses SMS-based two-factor authentication and you don't have any additional protections in place, the attacker can use those intercepted codes to log in, change your password, and even withdraw your funds.
A Real-World Example
A friend of mine went through this last year. One day his phone suddenly lost signal. He thought it was a carrier issue, but when he called customer service, he found out someone had requested a SIM replacement. By the time he realized what had happened, most of the USDT in his Binance account had already been transferred out. It turned out someone had walked into a carrier store with a forged ID and got a replacement SIM.
So this is no joke—we need to take it seriously.
Step 1: Replace SMS Verification with Something More Secure
This is the most critical step. SMS verification is inherently insecure because it depends on your phone number, which can be stolen.
Enable Google Authenticator
- Open the Binance app and tap "Profile" in the bottom-right corner
- Go to "Security"
- Tap "Google Authenticator"
- Follow the prompts to download the Google Authenticator app
- Scan the QR code to link it
- Make sure to back up the secret key—write it down on paper and store it somewhere safe
Once Google Authenticator is enabled, every login and withdrawal requires a dynamic code that refreshes every 30 seconds. This code is generated locally on your device and has nothing to do with your phone number, so even if your SIM gets stolen, it's useless to the attacker.
Disable SMS Verification (or Reduce Its Permissions)
After setting up Google Authenticator, check your security settings to see if you can reduce SMS verification permissions. For example, you can set withdrawals to require only Google Authenticator plus email verification, without SMS. That way, even if someone takes over your phone number, they still can't do anything.
You can easily adjust these options on the security settings page of the Binance official website.
Step 2: Set Up a Withdrawal Whitelist
This feature is extremely important, yet many people don't know about it.
- Go to Security Settings and find "Withdrawal Whitelist"
- Enable the feature
- Add the withdrawal addresses you regularly use
Once enabled, you can only withdraw to whitelisted addresses. If someone hacks your account and tries to transfer your funds, they can't add a new address (adding one requires a 24-hour cooling period and triggers an email notification).
Think of this as a "lock within a lock" for your assets—incredibly practical.
Step 3: Enable the Anti-Phishing Code
Binance offers an "Anti-Phishing Code" feature. You set a secret word that only you know, and from then on, every email Binance sends you will include this word. If you receive an email claiming to be from Binance but it doesn't contain your code, it's fake.
How to set it up:
- Go to Security Settings
- Find "Anti-Phishing Code"
- Set a word that's easy for you to remember but hard for others to guess
This feature helps you spot phishing emails, and phishing is often the prelude to a SIM swap attack—attackers first steal your password through phishing, then get your verification codes through a SIM swap.
Step 4: Lock Down Your Phone Number
Beyond securing things on the Binance side, you also need to strengthen protection with your carrier.
Contact Your Carrier to Set a PIN
Most carriers support setting a service password or PIN for your SIM card. Once set, any changes to your number (such as SIM replacements or number porting) require this password.
Enable Your Carrier's SIM Lock
Some carriers offer a dedicated "SIM security lock" feature. Once activated, no one can get a replacement SIM at a retail store, even with your ID. Call your carrier's customer service to find out how to enable it.
Don't Expose Your Phone Number Everywhere
This sounds simple but many people fail to follow it. Avoid using your Binance-linked phone number to sign up for random websites. If any of those sites suffer a data breach, attackers can trace your information back to you.
Step 5: Enable Multi-Factor Authentication Combinations
In the security settings on the Binance official website, you can configure combinations of verification methods. Recommended setup:
- Login verification: Email + Google Authenticator
- Withdrawal verification: Email + Google Authenticator + Face recognition
- Password changes: Email + Google Authenticator
The advantage of this layered approach is that an attacker would need to compromise multiple channels simultaneously, making the difficulty increase exponentially.
Security Reminders
Be sure to keep the following in mind:
- Store your Google Authenticator backup key offline (write it on paper and put it in a safe). Never take a screenshot and save it to your phone's gallery
- If your phone suddenly loses signal, contact your carrier immediately to check for unauthorized SIM replacement, and simultaneously log in to Binance to freeze your account
- Regularly review Binance login history and device management—address anything suspicious immediately
- Don't log in to Binance on public Wi-Fi
- Binance will never ask you for verification codes via phone call or text. Block anyone who does this
Monthly Security Checklist
Spend 5 minutes each month checking these:
- Is Google Authenticator working properly?
- Does the withdrawal whitelist contain only your own addresses?
- Are there any unusual IPs in recent login records?
- Is the anti-phishing code still active?
- Are your carrier's security settings intact?
Make this a habit and you can rest easy.
FAQ
What should I do if my phone number has already been stolen?
Don't panic. Immediately contact your carrier to suspend the number, then use a computer to log in to Binance and freeze your account in Security Settings. Once frozen, all operations are paused until you recover your phone number and unfreeze. If you discover assets have already been transferred, contact Binance support immediately and file a police report.
Is the risk higher with a virtual carrier?
Honestly, the risk is slightly higher. Virtual carriers may not have security management as strict as the major carriers. If possible, switch to a major carrier for the number linked to your Binance account, and ideally use it exclusively for security verification—don't register it elsewhere.
If I only use Google Authenticator without SMS verification, am I safe?
In most cases, yes. But I'd still recommend enabling email verification as well. Every additional layer of verification is an extra layer of protection. Use a reputable email provider like Gmail or Outlook, and enable two-step verification for the email account too.
Does Binance support hardware security keys like YubiKey?
Yes! Binance supports FIDO2 security keys. If you have a YubiKey or similar hardware key, you can add it in Security Settings. Hardware keys are currently the most secure verification method because they're physical devices that can't be compromised remotely.
Are SIM swap attacks common domestically?
Compared to other countries, SIM swap attacks are relatively less common in China due to real-name registration requirements, but they're not unheard of. Especially if you're active on social media and have exposed too much personal information, the risk remains. It's better to spend a little extra time on protection than to take chances.