The official X account of the BNB Chain blockchain network, with nearly four million followers, was compromised on Wednesday. Hackers used the account to spread phishing links targeting cryptocurrency wallets.
Binance founder Changpeng “CZ” Zhao confirmed the incident, warning his followers not to interact with the malicious posts containing phishing links. “The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet,” CZ wrote.
He added that BNB Chain’s security teams have notified X and are working to suspend the account and restore access. Zhao said takedown requests for the phishing sites have already been submitted.
A BNB Chain team member told Cointelegraph that their team is currently investigating and will share more information shortly.
Phishing links disguised as Wallet Connect prompts
SlowMist’s chief information security officer, who goes by the handle 23pds on X, said attackers used a classic trick, swapping letters in the phishing domain to make it appear legitimate.
“BNB Chain’s English official X account has been hacked! The phishing website changed the letter i into l,” 23pds posted, warning users not to be deceived. The security professional also suggested that the malicious domain belongs to the infamous Inferno phishing group.
The Inferno Drainer is a crypto wallet-draining software and phishing-as-a-service platform that emerged around 2022 and gained notoriety in 2023. It operates by allowing its affiliates to deploy ready-made phishing sites that mimic legitimate crypto project interfaces.
The incident highlights challenges in protecting official crypto project accounts from takeovers. The SlowMist CISO suggested that the breach raises questions about the team’s security practices.
“The BNB Chain team’s security awareness shouldn’t be this poor,” 23pds said.
Related: Hide your crypto: Infamous ‘try my game’ Discord scam on the rise
CZ warns users to check domains carefully
In his X post, Zhao advised community members to always check domains even when the links are coming from official or verified social handles. “Always check the domains very carefully, even from official X handles. Stay SAFU!” he wrote.
At the time of writing, the phishing posts were no longer visible, yet it remains uncertain whether any users connected their wallets or lost funds.
Magazine: Avalanche in deal with ETF giant, yuan stablecoin ‘fake news’: Asia Express
