BNB Chain’s X Account Hacked, CZ Issues Urgent Phishing Alert

The warning helped contain the attack swiftly. The compromised account was suspended and takedown requests were submitted for the phishing domains. Hackers had used the account to post links that looked legitimate but directed users to fake wallet-connection portals. The tactic relied on social engineering, leveraging the apparent legitimacy of the account to induce trust. Once users connect, their wallets may be drained via malicious smart contracts.

This is consistent with phishing-as-a-service models seen in wallet drainer groups, including Inferno Drainer. In previous campaigns, Inferno Drainer has been linked to multi-million-dollar thefts. Although no official confirmation of funds lost in this incident has yet emerged, even brief exposure windows in phishing attacks are known to enable successful attacks.

Unlike protocol-level exploits, which target flaws in blockchain infrastructure, this incident demonstrates that social media and communication channels are equally critical attack surfaces. Even when the underlying blockchain remains secure, attackers can bypass technical defenses by exploiting human trust. Verified accounts on platforms like X or Discord carry perceived authority, which increases the likelihood that users will interact with posted content. Phishing attacks are particularly dangerous in the crypto space because wallet transactions, once approved, are irreversible. A single malicious signature can give hackers sweeping control over a user’s funds.

This is not the first time BNB Chain’s ecosystem has been tested by malicious actors. In 2022, a vulnerability in the BSC Token Hub bridge allowed an attacker to mint 2 million BNB, an amount variously valued at over $550–$580 million at the time. Prompt interventions led to many of those funds being frozen or blocked from full transfer across chains. In response, BNB Chain introduced stronger governance and emergency response protocols, including voting mechanisms to determine whether to freeze stolen assets.

According to Hacken’s 2024 security report, losses on BNB Chain fell from about $161 million in 2023 to roughly $47 million in 2024, a decline of approximately 70%, reflecting improvements in security practices across the ecosystem. Even so, as the recent social-media breach demonstrates, securing channels of communication remains a vital and unresolved challenge.

The lessons from this incident are clear for both project teams and users. For blockchain projects, there is a need to implement strict security measures for social media accounts, including hardware security keys, multi-factor authentication, and regular audits of authorized applications. Establishing rapid response playbooks for compromised accounts, including direct escalation channels with platform operators like X, is equally vital. Publishing and regularly updating official link directories can also help users verify legitimate websites and avoid malicious copies.

For users, the focus must be on vigilance. Links should never be trusted solely because they originate from verified accounts, since those accounts can be compromised. Domains must be checked carefully before a wallet connection is approved. Hardware wallets provide an additional layer of defense because they require physical confirmation of transactions, making it harder for a phishing script to succeed silently.

Users are also advised to revoke unnecessary dApp permissions regularly through their wallet settings, since old approvals can be abused long after the original interaction. Staying updated on ongoing phishing campaigns by following credible blockchain security researchers and alerts can make the difference between falling victim or staying safe. As CZ noted in his warning, users must “stay SAFU,” a reminder that personal vigilance is still the first line of defense in the crypto ecosystem.

BNB Chain’s X account hack illustrates that the human element, trust, perception and behavior remain one of the hardest aspects to secure in Web3. Even as protocols strengthen their technical defenses, adversaries continue to exploit communication channels where urgency and authority can cloud user judgment. For the industry, this suggests that security is no longer just about securing code or smart contracts. It is about securing the broader ecosystem of communication, from social media to community channels, where a single compromised message can have wide-ranging consequences.

The rapid containment of this incident demonstrates progress since earlier breaches, but it also reinforces that phishing is not going away. As long as attackers can manipulate social trust, incidents like this will remain a recurring challenge for crypto projects and their communities.