
BNB Chain’s X account compromised on 1 October 2025 with $8,000 in losses


BNB Chain’s official X account was compromised on 1 October 2025, and the attacker used it to post phishing links that targeted users via WalletConnect prompts. The incident led to about 8,000 USD in losses across several wallets before security teams regained access. Control was restored, and BNB Chain and Binance pledged full reimbursement.

Changpeng Zhao (CZ) issued the first public warning, highlighting the danger that compromised verified social accounts pose to traders and treasuries. He stated the breach occurred that morning and that an intruder added a batch of links, writing: “ALERT – The @BNBCHAIN X account is compromised. The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet.” The scam posed as a “BNB Hodler airdrop” promising rewards within twenty-four hours, seeking to entice users into connecting their wallets.

Incident details and immediate response from BNB Chain

BNB Chain and Binance later confirmed the attacker posted ten phishing links and that security staff regained control of the account. Community members and partners flagged the posts, and security teams asked X to remove the sites. Total losses were near 8,000 USD, with the largest single loss around 6,500 USD, and BNB Chain’s note promised full repayment to affected users.

The episode underscores that official social accounts remain a weak point and that wallet connectors expose users to social engineering theft. Ilan Rakhmanov, ChainGPT founder or CEO, told reporters that a team member likely granted permissions by mistake and advised users to audit and revoke wallet connections. Traders and treasuries should audit application permissions, tighten access controls, and verify official advice before clicking.

BNB Chain continues to investigate the root cause and will publish a forensic report with corrective steps once the review ends, aiming to harden internal permissions and reduce future exposure.

The quick restoration of the account and the reimbursement pledge help limit immediate damage, but the incident draws attention to how teams manage internal permissions and handle the risks of verified social media accounts.
