Don’t Dial Disaster: How Scam Callers Hijack Your Crypto API—and How to Shut Them Out
#CyberSecurity
A Rising Threat in 2025
A new wave of phone impersonation scams is sweeping through the crypto space. Posing as customer support, attackers are tricking users into changing their API settings under the guise of “urgent security updates.” Once permissions are expanded, scammers gain near-total access to accounts and can drain funds directly into their own wallets.
How the Scam Works
The Fake Call
Victims receive a convincing phone call from someone claiming to be support staff. The caller insists that immediate changes to API settings are required to “protect” the account.
The API Trap
Users unknowingly expand permissions—such as enabling withdrawals—giving attackers full control. Because the changes appear to originate from the victim’s device, they bypass standard security checks.
Real-World Fallout
Early cases show losses ranging from hundreds to several thousand USDT per victim. Many report shock and betrayal, believing they were protecting their funds when, in reality, they were being deceived.
Security Response
Crypto platforms are actively monitoring suspicious call patterns and unusual API activity to block attacker networks. Importantly, no legitimate platform ever initiates unsolicited phone calls to request security updates. Authentic updates are always communicated through official apps, verified emails, or websites.
How to Protect Your Account
Enable Strong 2FA
Always use two-factor authentication through an app or a hardware key. This ensures withdrawals require a second verification, even if an API is compromised.
Use Passkey Authentication
A phishing-resistant method that strengthens account security and reduces the risk of API-based attacks.
Verify Communications
Never follow instructions from unsolicited calls, texts, or emails. If in doubt, confirm through official channels only.
Secure Your API Settings
Never enable withdrawal permissions unless absolutely necessary
Rotate API keys regularly
Review permissions and activity frequently
Set Alerts & Monitor Daily
Turn on withdrawal alerts and monitor account activity to catch suspicious transactions early.
Stay Educated
Familiarize yourself with emerging scams, fraud prevention guides, and security best practices. Report any suspicious calls immediately.
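The API-settings and alerting advice above can be turned into a routine self-check. The following is an added example, not code from this article or from any exchange: the record layout, key names, the 90-day rotation limit and the 24-hour correlation window are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a real exchange schema.
KEYS = [  # current API key inventory for one account
    {"id": "bot-1", "created": datetime(2025, 4, 10), "permissions": {"read", "trade", "withdraw"}},
    {"id": "old-2", "created": datetime(2024, 6, 1), "permissions": {"read"}},
    {"id": "tax-3", "created": datetime(2025, 5, 20), "permissions": {"read", "withdraw"}},
]
EVENTS = [  # account activity log
    {"ts": datetime(2025, 6, 1, 14, 2), "type": "permission_change", "key": "bot-1",
     "added": {"withdraw"}},
    {"ts": datetime(2025, 6, 1, 14, 9), "type": "withdrawal", "key": "bot-1",
     "amount_usdt": 2400},
    {"ts": datetime(2025, 6, 3, 9, 0), "type": "withdrawal", "key": "tax-3",
     "amount_usdt": 50},
]

def audit_keys(keys, now, max_age=timedelta(days=90)):
    """Return (key_id, finding) pairs: withdrawal enabled, or rotation overdue."""
    findings = []
    for k in keys:
        if "withdraw" in k["permissions"]:
            findings.append((k["id"], "withdrawal permission enabled"))
        if now - k["created"] > max_age:  # assumed rotation policy
            findings.append((k["id"], "rotation overdue"))
    return findings

def withdrawals_after_expansion(events, window=timedelta(hours=24)):
    """Return withdrawals made with a key shortly after it gained 'withdraw'.

    This is the pattern the scam produces: permissions are expanded during
    the call, then funds leave through the same key soon afterwards.
    """
    granted = {}  # key id -> time the withdraw permission was added
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] == "permission_change" and "withdraw" in e.get("added", ()):
            granted[e["key"]] = e["ts"]
        elif e["type"] == "withdrawal" and e["key"] in granted:
            if e["ts"] - granted[e["key"]] <= window:
                hits.append(e)
    return hits

if __name__ == "__main__":
    for key_id, finding in audit_keys(KEYS, now=datetime(2025, 6, 4)):
        print(f"[key] {key_id}: {finding}")
    for e in withdrawals_after_expansion(EVENTS):
        print(f"[alert] {e['ts']} {e['key']} withdrew {e['amount_usdt']} USDT after permission change")
```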
Why Awareness Matters
Timing & Urgency: Scammers strike when trading activity is high, exploiting users’ distraction.
API as the Weak Point: Expanded permissions give attackers the keys to the vault.
Emotional Pressure: Calls are designed to create panic, urgency, and misplaced trust.
The rise of phone-based impersonation scams highlights one truth: vigilance is your strongest defense. By relying only on official communications, refusing to change API settings on someone else’s instructions, and strengthening account protections with tools like 2FA and passkeys, you can keep your assets safe.
Crypto platforms continue to enhance their security frameworks, but the most powerful shield is a well-informed and cautious user.