BNB Chain X account compromised, promotes fake airdrops

The official X account of BNB Chain has been compromised, with Binance co-founder and former CEO Changpeng  ‘CZ’ Zhao confirming the breach. 

CZ said in a post on Wednesday morning that a malicious actor had compromised the BNB Chain’s X account, with the hacker publishing a series of posts with links to phishing websites.

Amid the vulnerability, users have been asked not to click on any of the links or connect their wallets.

What happened?

Zhao issued the alert via his official X account:

He also added that BNB Chain was working with security teams to have the account suspended before access is restored. 

The attacker’s series of malicious links directed BNB Chain users to phishing websites that prompted Wallet Connect requests. 

One of the unauthorized posts asked the BNB Chain community to join a “BNB Hodler airdrop" campaign, and promised participants token rewards within the first 24 hours.

Crypto and phishing scams

Phishing is a common tactic cybercriminals use to gain unauthorized access to unsuspecting users’ crypto wallets.

In this case, the attacker targeted crypto holders connecting their wallets to the fraudulent links, a mistake that could result in significant financial losses.

Like in any other event, users are advised to always scrutinize domain names in links carefully, even when interacting with accounts purporting to be official.

Notably, malicious actors targeting social media platforms to perpetrate crypto scams have increased over the years. Phishing attacks have seen victims’ losses amounting to millions.

While the BNB Chain team acted swiftly, users have reacted to the attack as an example of the challenges crypto participants face.

One user noted that the major chains should do more to protect their user base, with security a proactive endeavour, not reactive.

Another pointed out that X should do more to protect its users.

Ilan Rakhmanov, founder  and CEO of ChainGPT, noted that the attack may have been a result of a BNB team member unknowingly granting permission to a malicious third party. 

“Maybe someone on BNB's team connected a malicious 3rd party with permission to post without knowing it's a malicious application,” Rakhmanov posted.