TLDR
- The official BNB Chain X account was compromised on October 1, 2025, with hackers posting fake airdrop links
- Binance co-founder CZ warned users not to click any links from the account while security teams work to regain access
- The fraudulent posts promised early BSC rewards to users who participated in a fake voting system within 24 hours
- Security teams notified X to suspend the account and issued takedown requests for phishing websites
- BNB token price dipped 0.95% following the hack, approaching the $1,000 threshold
The official X account for BNB Chain was hacked on October 1, prompting urgent warnings from Binance co-founder Changpeng Zhao. The compromised account began posting fraudulent links designed to trick users into connecting their wallets.
ALERT 🚨: The @BNBCHAIN X account is compromised.
The hacker posted a bunch of links to phishing websites that ask for Wallet Connect.
Do NOT connect your wallet.
Security teams have notified X already, working to suspend the account first, then restore access.
Also take-down… https://t.co/QeEnCCbFZe
— CZ 🔶 BNB (@cz_binance) October 1, 2025
CZ issued an immediate alert on Wednesday morning. He told users to avoid clicking any recent links from the BNB Chain account. The security team started investigating the breach right away.
The hackers posted messages about a fake HODLer airdrop event. These posts included links to a fraudulent website claiming to be “bnbchain.org.” The site promised early BSC rewards to participants.
The fake posts invited users to vote on an upcoming rewards date. They falsely claimed that early participants would receive special benefits within 24 hours. This type of phishing tactic aims to steal users’ digital assets and wallet information.
Decrypt confirmed the breach after finding the fraudulent link on the account. The unauthorized posts appeared shortly after CZ’s initial warning about the potential compromise. The Chinese language BNB Chain account also confirmed the hack.
CZ provided updates on the response efforts. Security teams notified X about the breach and requested immediate account suspension. They also filed takedown requests for all related phishing websites.
Security Response and Recovery Efforts
The security team worked to restore access to the compromised account. CZ emphasized the importance of checking website domains carefully, even when links come from verified accounts. By 6:00 AM UTC, the fraudulent airdrop posts became unavailable.
The Chinese BNB Chain account urged users not to click any links. They confirmed the team was urgently working on a fix. Users began questioning whether victims would receive compensation or support.
ChainGPT CEO Ilan Rakhmanov shared his theory about the breach. He suggested someone on the BNB team may have accidentally granted posting permissions to a malicious third-party application. He recommended checking and disconnecting all connected apps.
Independent researcher Shanaka Anslem Perera called it a “social-layer attack.” He noted the blockchain itself wasn’t compromised, only the social media account. Perera advised freezing the X handle and forcing logout of all authenticator apps.
Questions About Platform Security
The incident sparked criticism of X’s security measures. Users questioned how a verified gold check mark account could be compromised so easily. The BNB Chain account had premium verification status.
One user criticized the platform’s security protocols. They questioned the purpose of paying for verification if gold accounts cannot be properly secured. Other crypto accounts began reviewing their own security practices.
BNB token price fell 0.95% in the 24 hours following the hack. The token traded close to the $1,000 level. Binance has not yet released an official statement about how the breach occurred or provided a detailed post-mortem report.
