The official X (formerly Twitter) account of BNB Chain was compromised in a phishing attack, prompting urgent warnings from Binance co-founder Changpeng Zhao.
Quick Summary – TLDR:
- BNB Chain’s X account was hacked, posting fake airdrop links leading to phishing sites.
- CZ confirmed the breach, warning users not to click or connect wallets via suspicious links.
- The phishing posts lured users through WalletConnect, a common crypto access tool.
- No confirmed financial losses reported, and Binance is coordinating takedowns and investigations.
What Happened?
On Wednesday, during early Asian trading hours, the official X account of BNB Chain was hijacked by unknown attackers. The hackers used the verified platform to promote a fraudulent “BNB HODLer Airdrop,” directing users to phishing websites designed to steal wallet credentials. Binance founder CZ quickly acknowledged the breach and urged users to ignore the malicious content.
BNB Chain Account Compromised in Phishing Scam
The phishing campaign involved multiple posts from the compromised BNB Chain account. These messages claimed users could receive early BNB or BSC rewards if they clicked a link and connected their wallets through WalletConnect. WalletConnect is a legitimate tool used in decentralized apps, but in this case, it was exploited to drain digital assets from unsuspecting users.
- The phishing posts linked to fake Binance-themed websites with slightly altered domain names.
- Users who followed the link and connected their wallets risked exposing their assets to theft.
- The post’s format and branding made it appear official, increasing its chances of deceiving users.
CZ’s Response and Binance’s Action
Changpeng Zhao, widely known as CZ, was among the first to raise an alarm. Posting from his personal X account, CZ wrote, “ALERT: The BNB Chain X account is compromised. The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet.”
ALERT 🚨: The @BNBCHAIN X account is compromised.
— CZ 🔶 BNB (@cz_binance) October 1, 2025
The hacker posted a bunch of links to phishing websites that ask for Wallet Connect.
Do NOT connect your wallet.
Security teams have notified X already, working to suspend the account first, then restore access.
Also take-down… https://t.co/QeEnCCbFZe
He also emphasized caution even when posts appear on verified accounts: “Always check the domains very carefully, even from official X handles. Stay SAFU!”
Following the alert:
- Binance’s security team filed takedown requests for the phishing sites.
- X was notified to suspend and secure the compromised account.
- The phishing posts were eventually removed, although traces remained temporarily visible to some users.
No Financial Losses Reported
Despite the severity of the breach, no user losses have been confirmed as of now. The crypto community responded quickly, flagging the posts and amplifying CZ’s warning. This rapid reaction likely prevented wider damage.
BNB’s price showed minimal impact, slipping only about 1 percent following the hack. As of reporting, it was trading around $1,010, suggesting investor confidence remained intact thanks to Binance’s swift response.
Phishing Scams Continue to Plague Crypto Platforms
This incident highlights an ongoing threat in the crypto world: phishing attacks via official social media accounts. Hackers frequently target verified handles due to the high level of trust they carry.
Earlier this year, a similar phishing scam was conducted through the hijacked X account of Kenya’s former Prime Minister, where users were duped into a fake “Kenya Token” campaign.
Binance’s latest breach underlines how phishing tactics are evolving, often using legitimate tools like WalletConnect to gain access to user wallets.
SQ Magazine Takeaway
Honestly, I find it troubling how easy it’s becoming for hackers to exploit even verified crypto accounts. If a massive brand like BNB Chain can get hit, it’s a wake-up call for all of us in the crypto space. The takeaway? Never trust a link just because it comes from a blue checkmark. Always double-check the URL, and if something sounds too good to be true, it probably is. Kudos to CZ for the quick response, but platforms like X need to beef up account security to stop this from happening again.
