BNB Chain’s verified X account was compromised and used to post phishing links that mimic WalletConnect pages; the attack is tied to the Inferno Drainer phishing group and targeted users’ wallets—do NOT connect your wallet to any links from the compromised posts. BNB Chain X account compromised and used to distribute WalletConnect phishing links Attackers used look‑alike domains by swapping letters to imitate official sites Inferno Drainer attribution: phishing‑as‑a‑service active since 2022; nearly 4M followers exposed BNB Chain hacked: verified X account posted phishing WalletConnect links—don’t connect wallets. Read how to verify domains and stay safe now. SlowMist’s chief security officer said the phishing domains behind BNB Chain’s compromised X account are tied to the notorious Inferno Drainer group. What happened when BNB Chain’s official X account was compromised? BNB Chain hacked when attackers gained access to its verified X account and posted phishing links that asked users to connect wallets via fake WalletConnect prompts. The posts were shared from an account with nearly four million followers and were used to drive traffic to look‑alike domains designed to drain wallets. Source: Changpeng Zhao How did attackers disguise phishing domains to trick users? Attackers used homograph-style tricks—swapping visually similar letters such as the letter “i” for “l”—to make phishing domains appear legitimate. SlowMist’s chief information security officer (handle: 23pds) flagged the domain manipulation and linked the infrastructure to the Inferno Drainer phishing‑as‑a‑service network, which has supplied turnkey wallet‑draining sites since 2022. Binance founder Changpeng “CZ” Zhao confirmed the compromise and warned followers not to interact with malicious posts asking for WalletConnect approvals. Zhao said takedown requests for the phishing domains have been submitted and that BNB Chain’s security teams are coordinating with platform operators to restore the account. How can users verify WalletConnect links and avoid scams? Verify domains by checking spelling precisely, viewing full URLs, and confirming official announcements from project channels. Do NOT approve any WalletConnect popups from unexpected sources. If in doubt, close the page and access the official project website via a bookmarked or directly typed URL. Source: 23pds Frequently Asked Questions { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Was BNB Chain hacked or was it only the X account that was compromised?", "acceptedAnswer": { "@type": "Answer", "text": "Only the verified X account was compromised; there is no public evidence that the BNB Chain blockchain itself was breached. The incident involved social account takeover and phishing links pushing fake WalletConnect prompts." } }, { "@type": "Question", "name": "What should I do if I clicked a phishing WalletConnect link?", "acceptedAnswer": { "@type": "Answer", "text": "Immediately disconnect any linked sessions, revoke approvals from your wallet provider, move remaining funds to a new wallet if you suspect private key exposure, and check official project channels for guidance." } } ]} At the time of reporting, the phishing posts were removed from public view, but it was unclear whether any users connected wallets or suffered losses. A BNB Chain team member said the team is investigating and will share updates shortly. Cointelegraph and other outlets reported on the incident; SlowMist and CZ provided public alerts on X. One of the phishing links shared by malicious attackers. Source: X What is the Inferno Drainer and why is it important? The Inferno Drainer is a phishing‑as‑a‑service platform that supplies affiliates with ready‑made wallet‑draining sites that mimic legitimate crypto project interfaces. Active since around 2022, the toolset has been linked to multiple high‑impact credential and wallet‑drain incidents. Key Takeaways Account takeovers are high risk : Verified social accounts can be exploited to reach large audiences quickly. Domain checks prevent scams : Always inspect URLs closely—homograph tricks are common. Immediate response matters : Revoke approvals and move funds if you suspect compromise. How to check a suspicious WalletConnect link (HowTo) Follow these steps to validate a WalletConnect prompt and reduce risk. { "@context": "https://schema.org", "@type": "HowTo", "name": "How to verify WalletConnect links before connecting", "description": "Step-by-step guide to confirm whether a WalletConnect link is legitimate and safe to use.", "image": "https://en.coinotag.com/wp-content/uploads/2025/10/01999eb1-4e2f-72d0-8acd-c890d949e4b3.png", "totalTime": "PT10M", "step":[ { "@type":"HowToStep", "name":"Inspect the full URL", "text":"Look at the entire domain for subtle character swaps and ensure it matches official domains exactly." }, { "@type":"HowToStep", "name":"Use bookmarks or direct navigation", "text":"Open project pages via your own bookmarks or by typing the official domain to avoid redirected or shortened links." }, { "@type":"HowToStep", "name":"Revoke suspicious approvals", "text":"If you interacted accidentally, revoke wallet approvals immediately and consider moving funds." } ]} Conclusion BNB Chain hacked refers to a verified social account compromise used to spread phishing WalletConnect links linked to Inferno Drainer. Users should verify domains carefully, revoke suspicious wallet approvals, and follow official project updates. COINOTAG will monitor developments and publish updates as the investigation progresses. { "@context": "https://schema.org", "@type": "NewsArticle", "headline": "BNB Chain X Account Compromised, Phishing Links Tied to Inferno Drainer", "image": [ "https://en.coinotag.com/wp-content/uploads/2025/10/01999eb1-4e2f-72d0-8acd-c890d949e4b3.png" ], "datePublished": "2025-10-01T08:00:00Z", "dateModified": "2025-10-01T10:00:00Z", "author": { "@type": "Organization", "name": "COINOTAG", "url": "https://en.coinotag.com" }, "publisher": { "@type": "Organization", "name": "COINOTAG", "url": "https://en.coinotag.com", "logo": { "@type": "ImageObject", "url": "https://en.coinotag.com/images/logo.png" } }, "mainEntityOfPage": { "@type": "WebPage", "url": "https://en.coinotag.com/crypto-news/bnb-chain-x-account-phishing-inferno" }, "description": "BNB Chain’s verified X account was compromised and used to post WalletConnect phishing links tied to the Inferno Drainer group."}
