
In a dramatic reminder that even high-profile social media accounts are vulnerable, BNB Chain’s official X (formerly Twitter) account was compromised on October 1, 2025.
Once the attacker gained control, they posted multiple phishing links purporting to be airdrops or token reward events that asked users to “connect their wallets” via WalletConnect. The intention: trick unsuspecting users into granting malicious approval requests that would empty their wallets.
Changpeng “CZ” Zhao (co-founder of Binance / BNB ecosystem) reacted swiftly, tweeting strong warnings: “Do NOT connect your wallet”. He told users that the posted links were malicious and that his team and BNB Chain’s security partners were working urgently to suspend the account, restore access, and take down the phishing websites.
He also urged users to always double-check domains, even when links appear to come from verified or official accounts.
By mid-morning (UTC), BNB Chain confirmed that control of the account had been regained. However, before the takeover was reversed, the attacker reportedly managed to siphon off somewhere between US$8,000 and US$13,000 from victims who fell for the phishing traps. BNB Chain has pledged to fully reimburse affected users.
Anatomy of the Phishing Scheme & Suspected Actors
Security researchers have identified telltale signs of a classic but effective phishing scheme:
- The malicious domains mimicked legitimate ones by making subtle character changes (for example, replacing the letter “i” with “l”) to fool users at a glance.
- The phishing sites prompted users to connect wallets via WalletConnect, which is widely used to let users authorize transactions from external sites. In this case, however, approving the request would hand the attacker control of the wallet's funds.
- SlowMist’s security team (specifically their CISO known as “23pds”) traced the infrastructure to the Inferno Drainer group: a phishing-as-a-service (PhaaS) operator that provides wallet-draining templates to affiliates.
- The fact that the attacker used a verified, official account to distribute the links increased the reach and perceived legitimacy of the scam. That tactic is particularly dangerous because many users implicitly trust verified or official accounts.
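The character-swap trick in the first point above can be checked mechanically before a link is opened or shared. The following is an added example, not code from BNB Chain, SlowMist or the original article; the allowlist, every domain in it and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): replace with the domains a project
# actually publishes. Matching is exact; nothing else counts as official.
OFFICIAL = {"official-chain.example", "docs.official-chain.example"}

# Characters that read alike at a glance are folded to one representative.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o", "5": "s"})

def skeleton(host: str) -> str:
    """Fold look-alike characters so 'officlal' and 'official' compare equal."""
    return host.lower().replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the host in url."""
    # Accept bare "host/path" strings as well as full URLs.
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if host in OFFICIAL:
        return "official"
    for good in OFFICIAL:
        # Same skeleton = differs only by confusable characters;
        # distance 1 = one character added, dropped or swapped.
        if skeleton(host) == skeleton(good) or edit_distance(host, good) <= 1:
            return "lookalike"
    return "unknown"  # not on the allowlist: still untrusted, just not a near-match

if __name__ == "__main__":
    for link in ("https://official-chain.example/airdrop",
                 "https://officlal-chain.example/airdrop",   # constructed: i -> l
                 "https://unrelated-site.example/claim"):
        print(f"{classify(link):9}  {link}")
```

Only an "official" result means the host is on the published list; "unknown" is not a pass, regardless of which account posted the link.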
One public comment from 23pds criticized BNB Chain’s security posture, remarking:
“The BNB Chain team’s security awareness shouldn’t be this poor.”
Impacts, Reaction & Market Response
Financial Damage & Mitigation
While the dollar amount lost is modest compared to some crypto scams, the symbolic implications are far more serious. The fact that an official project account could be hijacked and used to harvest user funds speaks to the high risk of “social-layer” attacks in the crypto space.
BNB Chain’s rapid response—contacting X to restrict the account, filing takedown requests, and restoring access—helped contain further damage. The pledge to reimburse victims is also a key step for maintaining community trust.
Community & Meme Reaction
In an ironic twist, some community members responded to the hack with humor. After the hacker allegedly dumped tokens in a meme coin, some users bought up that coin further in mockery—turning the attack into a meme-driven rally. CZ himself even called it the “funniest comeback by the community.”
Market Stability
Surprisingly, the BNB token (BNB) held up relatively well. Reports suggest only a mild dip (around 1% to 2%) amid the incident, indicating that markets were largely unmoved by what was essentially a social media attack, not a vulnerability in the BNB Chain protocol itself. Because the core blockchain infrastructure and smart contracts remained untouched, the breach did not cause broader cascading effects.