The BNB Chain official account on X, with nearly 4 million followers, was hijacked in a phishing campaign that tricked users into connecting their crypto wallets via malicious WalletConnect links. Over the course of a few hours, around 10 fraudulent posts appeared, including one bizarre message offering “$4 for a meme” alongside a photo of Changpeng Zhao (CZ), the former Binance CEO. Unfortunately, unsuspecting users lost between $8,000 and $13,000 to the attack before the posts were removed.
CZ quickly acknowledged the breach in his blog, confirming that both the Binance and BNB Chain teams regained control of the account, deleted the phishing posts, and promised full reimbursement to victims. In his statement, CZ hinted that the compromise might be linked to KYC-related procedures, suggesting the hacker went through significant risk for minimal reward, adding that they “could have earned more by building something useful.”
Security researchers have tied the incident to the Inferno Drainer network, a well-known operation specializing in large-scale phishing schemes. The hackers relied on homoglyph domains (using similar-looking characters such as “i” → “l”) to trick victims into granting access to their wallets. Cybersecurity firms, including SlowMist, have since released technical breakdowns of the phishing infrastructure and offered recommendations for rapid response.
This attack highlights a growing trend: verified corporate accounts on X are prime targets for phishing campaigns. Between 2024 and 2025, numerous major brands were compromised. MicroStrategy’s account was hijacked to promote a fake airdrop, OpenAI’s press account was used to push a ghost token, and Nasdaq’s account was exploited to inflate a meme coin named STONKS, which briefly hit a market cap of $85 million before collapsing. In August, the UK crypto platform Lykke was forced to shut down entirely after a similar breach. While many incidents failed to generate major financial losses, they severely damaged trust in social media as a reliable communication channel.
For crypto holders, the lessons are clear: never connect wallets through suspicious domains, always double-check URLs, rely on hardware wallets for large sums, and immediately report suspicious activity. For organizations, the Binance hack underscores the need for stronger MFA controls, regular audits of third-party app permissions, and an established rapid incident response plan to isolate compromised accounts before large-scale damage occurs.
Conclusion: The BNB Chain account hack serves as another reminder that social engineering and phishing remain some of the most effective tools in a hacker’s arsenal. Even verified accounts can be weaponized against unsuspecting users, making vigilance, user education, and enhanced security controls absolutely essential.
