Key highlights:
- Hackers used BNB Chain’s X account to share phishing sites
- Inferno Drainer group suspected in the crypto wallet scam
- Security experts question BNB Chain’s protection practices
BNB chain’s X account hacked to spread phishing links
The official BNB Chain account on X, followed by nearly 4 million users, was compromised by hackers who used it to promote phishing links targeting cryptocurrency wallets.
Binance founder Changpeng Zhao confirmed the incident, warning his followers to avoid any links shared during the attack. “The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet,” Zhao wrote.
ALERT 🚨: The @BNBCHAIN X account is compromised.
The hacker posted a bunch of links to phishing websites that ask for Wallet Connect.
Do NOT connect your wallet.
Security teams have notified X already, working to suspend the account first, then restore access.
Also take-down… https://t.co/QeEnCCbFZe
— CZ 🔶 BNB (@cz_binance) October 1, 2025
He added that security teams from BNB Chain had already notified X and were working to block the attackers and recover access.
Requests to take down the malicious phishing domains have also been filed. A BNB Chain representative later told Cointelegraph that specialists are investigating and will share updates.
Inferno suspected behind phishing attack
The hackers used a common trick, disguising their phishing domains by replacing characters within official-looking addresses. Security researcher “23pds,” Chief Information Security Officer at blockchain security firm SlowMist, explained that the phishing sites replaced the lowercase letter “i” with “l” to deceive users.
Source: X
“The official BNB Chain account on X has been hacked! The phishing site replaced the letter i with l,” he wrote, cautioning users not to interact with the domains. He suggested that the attack was linked to the notorious Inferno Drainer group.
Inferno Drainer gained notoriety in 2023 as an affiliate phishing platform, allowing users to deploy ready-made fake websites that mimic legitimate crypto projects to harvest victims’ wallets.
SlowMist’s officer voiced concerns about the BNB Chain team’s defenses: “The BNB Chain team’s security awareness shouldn’t be this low.”
Zhao urges careful domain checks
In his post, Zhao reminded the community that even content from verified or official accounts must be handled with care: “Always check domains carefully, even if they appear to come from official X accounts.”
At the time of writing, the phishing links were removed from the hacked account. It remains unclear, however, if users connected their wallets during the breach or lost funds.
Kraken: Best crypto exchange for security & reliability
- Buy, sell, and trade 400+ cryptocurrencies with industry-leading security
- Spot, Futures & Margin trading – leverage up to 5x for advanced traders
- Earn rewards with staking on top cryptocurrencies
- 24/7 customer support and high liquidity for fast trades
- Regulated in the US with strong compliance and security measures
- 13+ million users worldwide
Get Started on Kraken