The official X account of BNB Chain was compromised in a coordinated phishing attack aimed at stealing user wallet credentials, prompting a swift warning from Binance founder Changpeng Zhao (CZ).
Key Takeaways
- BNB Chain’s official X account was hijacked and used to post links to phishing websites disguised as airdrop offers.
- Hackers promoted a fake meme coin and a bogus $BSC airdrop through the compromised account.
- CZ confirmed the hack and urged users not to interact with suspicious links, especially Wallet Connect prompts.
- The phishing scheme is tied to the notorious Inferno Drainer group, known for running phishing-as-a-service operations.
What Happened?
On Wednesday, the official English-language X account of BNB Chain, formerly known as Binance Smart Chain, was hijacked by hackers. The attackers used the account, which has nearly four million followers, to post a series of fraudulent airdrop offers and a meme coin promotion. These posts contained phishing links designed to steal crypto wallet credentials via Wallet Connect prompts.
Bait and Trap: The Phishing Attack
The attack followed a familiar pattern seen in previous crypto scams. Hackers posted fake promotional content, encouraging users to connect their wallets to claim early rewards, such as $BSC tokens within 24 hours. The links led to a malicious site masquerading as a BNB Chain page, using a domain name that closely mimicked the original by altering a single character.
Security researcher 23pds from blockchain security firm SlowMist noted that the phishing site swapped the letter “i” with “l” to deceive users. He warned that the infrastructure behind the domain appeared to be linked to the Inferno Drainer group, which has gained notoriety since 2022 for running wallet-draining operations and selling phishing site templates.
CZ quickly addressed the situation via his personal X account, stating, “Do NOT connect your wallet. The hacker posted links to phishing websites.” He confirmed that Binance’s security team had contacted X to suspend the compromised account and submitted takedown requests to remove the phishing domains.
ALERT 🚨: The @BNBCHAIN X account is compromised.
— CZ 🔶 BNB (@cz_binance) October 1, 2025
The hacker posted a bunch of links to phishing websites that ask for Wallet Connect.
Do NOT connect your wallet.
Security teams have notified X already, working to suspend the account first, then restore access.
Also take-down… https://t.co/QeEnCCbFZe
Security Questions and Community Concerns
While no direct losses have been reported yet, the breach has raised concerns about security practices at major crypto projects, especially when their official social media handles are compromised.
This incident also adds to a growing list of high-profile social media hacks in the crypto space during 2025. Earlier this year, the accounts of Pump.fun, a WIRED journalist, former Ghanaian president John Mahama, and UK Minister Lucy Powell were all used to promote fake tokens and scams.
CZ reiterated a key rule for users, writing, “Always check the domains very carefully, even from official X handles. Stay SAFU!” His warning highlights the ongoing need for vigilance, even when engaging with verified or official sources.
BNB Price and Market Reaction
Despite the security breach, BNB’s price remained relatively stable, dropping only 1.83% to $1,010 before regaining support above the $1,000 level. The token has held strong amid the broader market’s bullish trend heading into October, a period traders have dubbed “Uptober.”
Market analysts observed a strong stablecoin inflow into BNB Chain and pointed out a breakout above the $780 to $800 resistance zone, which now acts as a solid support level. Price targets remain bullish, with potential for a move toward $1,100 and even $1,200 if momentum continues.
CoinLaw’s Takeaway
In my experience, these kinds of phishing attacks are getting harder to detect because they cleverly mimic legitimate platforms. I’ve seen way too many users fall victim just by trusting verified handles. This BNB Chain breach is a wake-up call. Even the most trusted sources can be compromised. What stands out to me is how fast CZ and the team acted, but it still shows that no one is immune in this space. Always double-check every link, especially when connecting your wallet. Better safe than sorry.
