Changpeng Zhao (CZ), the co-founder and former CEO of Binance, has issued a critical alert to the cryptocurrency community concerning the escalating threat of phishing attacks. 

In a recent post on the X platform, Zhao emphasized the importance of user awareness and caution, stating that legitimate customer support representatives will never ask for personal passwords. 

A few security tips on preventing phishing attacks.

– Never give your password to a "Helpdesk Agent". The real support agents will never need it.
– Don’t click on links you receive in emails. Login to your account only by typing in the URL or through a bookmark. Triple check…

— CZ 🔶 BNB (@cz_binance) May 15, 2025

He warned that many phishing attempts begin with fake customer service contacts or seemingly official emails, designed to trick users into revealing sensitive information or clicking on malicious links. 

With the crypto space increasingly targeted by cybercriminals, Zhao’s timely advisory seeks to reinforce user vigilance.

Practical Security Tips Shared to Combat Phishing Scams

In the detailed warning, Zhao outlined four essential guidelines aimed at helping users protect themselves against phishing attempts. 

First, he stressed that users must never disclose their passwords to anyone, especially individuals claiming to be support agents. 

Second, he warned against clicking on links received via unsolicited emails, urging users to instead access crypto platforms by manually typing the official URL or using a secure bookmark. 

Before entering login credentials, users should triple-check the website’s authenticity to avoid falling prey to fake login pages that closely mimic legitimate ones.

Also Read: Binance Co-Founder CZ Critics Shaky Bitcoin Holders’ Lack Of Deep Understanding of Tech, Finance and Global Trends

Password Hygiene and 2FA Highlighted as Critical Defenses

Zhao also advised crypto users to maintain strong password hygiene by avoiding the use of the same password across multiple platforms. 

He recommended the use of password managers, which can securely generate and store unique passwords for different sites, an essential tool in reducing vulnerability to phishing attacks. 

Notably, he emphasized that a password manager will not autofill credentials on lookalike domains, offering an added layer of protection against fraudulent websites. 

Additionally, Zhao urged users to adopt hardware-based two-factor authentication (2FA) devices such as Yubikey, which significantly reduce the chances of account breaches by requiring physical verification during login attempts.

A Call for Proactive Security in a Risk-Filled Crypto Environment

Zhao’s public advisory serves as both a warning and a guide, underlining the critical role of user behavior in crypto security. 

His message comes at a time when phishing campaigns are growing more sophisticated, often leveraging fake branding and cloned websites to deceive unsuspecting users. 

By promoting proactive measures like hardware 2FA, strong password management, and URL verification, Zhao aims to arm users with the knowledge and tools needed to safeguard their digital assets. 

As cyber threats become more advanced, his leadership continues to emphasize the shared responsibility between platforms and users in maintaining security within the crypto ecosystem.

Also Read: Binance’s CZ Calls for Peace Amid India-Pakistan Tensions: “Let’s Compete Through Innovation, Not War”

Security Advisory Comes Amid String of High-Profile Phishing Incidents

Zhao’s alert comes at a time of intensified phishing activity in the crypto world, with several high-profile incidents making headlines. 

Cointelegraph’s X account is suspected to have been compromised and used to send phishing DMs linking to a counterfeit version of its site. 

The attack exploited the credibility of a verified account to trick users into handing over their credentials. 

In a separate case, crypto investigators uncovered phishing scams involving fake Zoom meeting links and deepfake video calls, targeting project leaders with malware capable of accessing wallets and backend systems. 

These increasingly sophisticated methods highlight the evolving nature of phishing threats and reinforce the urgency behind CZ’s warnings.

Ironically, even cybercriminals aren’t immune to phishing.

A hacker who stole $5.4 million in Ethereum from zkLend ended up falling victim to a phishing scam while trying to launder the stolen funds through Tornado Cash. 

Zhao’s warning and practical advice are timely and essential, offering crypto participants of all levels a renewed sense of urgency.

These aim to implement proactive, layered security measures to protect their assets in an increasingly hostile digital environment.

Also Read: Binance’s CZ Says He Isn’t a Memecoin Trader but Supports the Community, Predicts $BTC $500k to $1M