On October 1, 2025, hackers took management of BNB Chain’s official X account and flooded it with faux airdrop hyperlinks designed to steal cryptocurrency from unsuspecting customers.
The account, which had 3.6 million followers on the time of the assault, turned a platform for one of many newest phishing assaults concentrating on the crypto group.
Former Binance CEO Changpeng Zhao, often called CZ, rapidly warned customers in regards to the breach. “ALERT: The @BNBCHAIN X account is compromised. The hacker posted a bunch of hyperlinks to phishing web sites that ask for Pockets Join. Do NOT join your pockets,” CZ stated on his personal X account.
The Assault Technique
The hackers used a easy however efficient tactic. They posted a number of messages a few faux “BNB HODLer Airdrop” with hyperlinks resulting in fraudulent web sites. These websites appeared authentic and requested customers to attach their crypto wallets by WalletConnect, a well-liked software for accessing blockchain purposes.
If somebody related their pockets to those faux websites, hackers may doubtlessly drain all their cryptocurrency. The attackers even posted “$4” alongside the phrase “FOR THE MEME” with CZ’s image and a pockets deal with, pinning it to the highest of the account for max visibility.
The compromised posts directed customers to a faux web site pretending to be “bnbchain.org.” A number of posts about the identical fraudulent airdrop appeared all through the hack, creating a way of urgency and legitimacy.
Swift Safety Response
Binance’s safety group moved rapidly as soon as they found the breach. They contacted X (previously Twitter) to quickly droop the compromised account and cease the unfold of malicious hyperlinks. The group additionally filed takedown requests for all phishing web sites related to the assault.
CZ emphasised an essential safety lesson: “All the time verify the domains very fastidiously, even from official X handles. Keep SAFU!” The time period “SAFU” (Safe Asset Fund for Customers) is often used within the Binance group to point safety.
Supply: @cz_binance
Each the English and Chinese language BNB Chain accounts confirmed the hack. The Chinese language account knowledgeable customers that the English X account was “underneath restore” and urged everybody to not click on any hyperlinks. By 06:00 AM UTC on October 1, the fraudulent posts turned unavailable.
Market Stays Calm
Regardless of the safety breach, BNB token holders didn’t panic. The token’s value dropped just one.08% in 24 hours, buying and selling at round $1,010. This gentle response reveals that buyers trusted Binance’s means to deal with the state of affairs.
The calm market response additionally mirrored an essential element: no precise blockchain hack occurred. In contrast to many crypto safety incidents the place funds are stolen from sensible contracts or wallets, this assault solely compromised a social media account. All cryptocurrency saved on the BNB Chain remained safe.
How Did Hackers Get In?
Safety specialists supplied theories about how the breach occurred. Ilan Rakhmanov, CEO of ChainGPT, urged that somebody on the BNB group may need by accident given posting permissions to a malicious third-party software with out realizing it was harmful.
Impartial researcher Shanaka Anslem Perera known as it a “social-layer assault” as a result of the blockchain itself wasn’t compromised—solely the X account. He really helpful that BNB Chain publish an in depth report about what occurred so different crypto tasks can study from the incident and strengthen their safety.
The truth that BNB Chain’s account had a golden checkmark (verified standing) but nonetheless bought hacked raised issues. Customers questioned X’s safety measures, with some asking what the purpose of paying for verification is that if it doesn’t forestall these assaults.
A part of a Bigger Sample
This hack wasn’t an remoted incident. All through 2025, a number of high-profile X accounts within the crypto area have been compromised. In February, Pump.enjoyable’s official account was used to announce a faux token. That very same month, a WIRED reporter’s account promoted a fraudulent WIRED-branded token.
Even authorities officers haven’t been secure. In March, Ghana President John Mahama’s X account was hacked to advertise “Solanafrica,” a faux token on the Solana community. In April, UK authorities minister Lucy Powell’s account marketed a bogus digital forex.
These repeated assaults present that social media platforms stay weak, even when accounts have verification and powerful follower bases.
Classes for Crypto Customers
This incident teaches a number of essential classes. First, at all times confirm web site URLs fastidiously, even when a hyperlink comes from an official account. Hackers can compromise any account, no matter verification standing.
Second, be suspicious of sudden airdrops or giveaways. Authentic tasks not often ask you to attach your pockets to assert rewards by random hyperlinks. If one thing appears too good to be true, it in all probability is.
Third, by no means join your pockets to unfamiliar web sites with out doing analysis first. When you give a malicious website entry to your pockets, recovering stolen funds turns into practically unattainable.
The Street Ahead
Whereas no official compensation has been introduced for victims who related their wallets, the fast response from Binance’s safety group prevented wider harm. The incident highlights that crypto safety isn’t nearly defending blockchain networks—social media safety issues simply as a lot.
Some group members have requested whether or not X wants higher safety measures for high-profile accounts, particularly these associated to monetary providers. The repeated compromises recommend present protections is probably not sufficient.
Backside Line: Belief, Then Confirm
The BNB Chain X account hack serves as a reminder that in crypto, verification is every part. Even messages from official accounts want a re-examination. The excellent news is that fast motion restricted the harm, and the blockchain itself stayed safe. However as social media assaults turn out to be extra widespread, customers should keep alert. Examine each hyperlink twice, query sudden gives, and keep in mind: authentic crypto tasks not often ask you to urgently join your pockets by social media posts.
Sven Luiv Sven Luiv Read More
