On October 1, 2025, hackers took control of BNB Chain’s official X account and flooded it with fake airdrop links designed to steal cryptocurrency from unsuspecting users.
The account, which had 3.6 million followers at the time of the attack, became a platform for one of the latest phishing attacks targeting the crypto community.
Former Binance CEO Changpeng Zhao, known as CZ, quickly warned users about the breach. “ALERT: The @BNBCHAIN X account is compromised. The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet,” CZ stated on his own X account.
The Attack Strategy
The hackers used a simple but effective tactic. They posted multiple messages about a fake “BNB HODLer Airdrop” with links leading to fraudulent websites. These sites looked legitimate and asked users to connect their crypto wallets through WalletConnect, a popular tool for accessing blockchain applications.
If someone connected their wallet to these fake sites, hackers could potentially drain all their cryptocurrency. The attackers even posted “$4” alongside the phrase “FOR THE MEME” with CZ’s picture and a wallet address, pinning it to the top of the account for maximum visibility.
The compromised posts directed users to a fake website pretending to be “bnbchain.org.” Multiple posts about the same fraudulent airdrop appeared throughout the hack, creating a sense of urgency and legitimacy.
Swift Security Response
Binance’s security team moved quickly once they discovered the breach. They contacted X (formerly Twitter) to temporarily suspend the compromised account and stop the spread of malicious links. The team also filed takedown requests for all phishing websites associated with the attack.
CZ emphasized an important security lesson: “Always check the domains very carefully, even from official X handles. Stay SAFU!” The term “SAFU” (Secure Asset Fund for Users) is commonly used in the Binance community to indicate security.
Source: @cz_binance
Both the English and Chinese BNB Chain accounts confirmed the hack. The Chinese account informed users that the English X account was “under repair” and urged everyone not to click any links. By 06:00 AM UTC on October 1, the fraudulent posts became unavailable.
Market Stays Calm
Despite the security breach, BNB token holders didn’t panic. The token’s price dropped only 1.08% in 24 hours, trading at around $1,010. This mild reaction shows that investors trusted Binance’s ability to handle the situation.
The calm market response also reflected an important detail: no actual blockchain hack occurred. Unlike many crypto security incidents where funds are stolen from smart contracts or wallets, this attack only compromised a social media account. All cryptocurrency stored on the BNB Chain remained secure.
How Did Hackers Get In?
Security experts offered theories about how the breach happened. Ilan Rakhmanov, CEO of ChainGPT, suggested that someone on the BNB team might have accidentally given posting permissions to a malicious third-party application without realizing it was dangerous.
Independent researcher Shanaka Anslem Perera called it a “social-layer attack” because the blockchain itself wasn’t compromised—only the X account. He recommended that BNB Chain publish a detailed report about what happened so other crypto projects can learn from the incident and strengthen their security.
The fact that BNB Chain’s account had a golden checkmark (verified status) yet still got hacked raised concerns. Users questioned X’s security measures, with some asking what the point of paying for verification is if it doesn’t prevent these attacks.
Part of a Larger Pattern
This hack wasn’t an isolated incident. Throughout 2025, several high-profile X accounts in the crypto space have been compromised. In February, Pump.fun’s official account was used to announce a fake token. That same month, a WIRED reporter’s account promoted a fraudulent WIRED-branded token.
Even government officials haven’t been safe. In March, Ghana President John Mahama’s X account was hacked to promote “Solanafrica,” a fake token on the Solana network. In April, UK government minister Lucy Powell’s account advertised a bogus digital currency.
These repeated attacks show that social media platforms remain vulnerable, even when accounts have verification and strong follower bases.
Lessons for Crypto Users
This incident teaches several important lessons. First, always verify website URLs carefully, even if a link comes from an official account. Hackers can compromise any account, regardless of verification status.
Second, be suspicious of unexpected airdrops or giveaways. Legitimate projects rarely ask you to connect your wallet to claim rewards through random links. If something seems too good to be true, it probably is.
Third, never connect your wallet to unfamiliar websites without doing research first. Once you give a malicious site access to your wallet, recovering stolen funds becomes nearly impossible.
The Road Forward
While no official compensation has been announced for victims who connected their wallets, the quick response from Binance’s security team prevented wider damage. The incident highlights that crypto security isn’t just about protecting blockchain networks—social media security matters just as much.
Some community members have asked whether X needs better security measures for high-profile accounts, especially those related to financial services. The repeated compromises suggest current protections may not be enough.
Bottom Line: Trust, Then Verify
The BNB Chain X account hack serves as a reminder that in crypto, verification is everything. Even messages from official accounts need a second look. The good news is that quick action limited the damage, and the blockchain itself stayed secure. But as social media attacks become more common, users must stay alert. Check every link twice, question unexpected offers, and remember: legitimate crypto projects rarely ask you to urgently connect your wallet through social media posts.
Source: https://bravenewcoin.com/insights/bnb-chains-official-x-account-hacked-cz-warns-of-phishing-links