BNB Chain’s X Account Breached Following SlowMist Executive’s Warning About Inferno Links

Update, Oct. 1, 10:11 am UTC: This article has been revised to include comments from the BNB Chain team.

The official X account of the BNB Chain blockchain network, boasting nearly four million followers, was hacked on Wednesday. Cybercriminals exploited the account to disseminate phishing links aimed at cryptocurrency wallets. 

Binance founder Changpeng “CZ” Zhao confirmed the breach, advising his followers to avoid interacting with the malicious posts featuring phishing links. “The hacker posted multiple links to phishing sites asking for Wallet Connect. Do NOT connect your wallet,” CZ cautioned.

He mentioned that BNB Chain’s security teams have alerted X and are taking steps to suspend the account and restore access. Zhao noted that takedown requests for the phishing sites have already been filed.

A member of the BNB Chain team informed Cointelegraph that they are still examining how the breach occurred. “We are collaborating closely with our security partners to pinpoint the root cause and will share confirmed findings when available,” they stated.

Phishing links disguised as Wallet Connect prompts

SlowMist’s chief information security officer, known as 23pds on X, reported that attackers employed a common tactic of altering letters in the phishing domain to make it look legitimate. 

“BNB Chain’s English official X account has been compromised! The phishing website swapped the letter i for l,” 23pds tweeted, urging users not to be fooled. The security expert also suggested that the malicious domain is linked to the notorious Inferno phishing group. 

The Inferno Drainer, a crypto wallet-draining and phishing-as-a-service platform, surfaced around 2022 and gained infamy in 2023. It enables its affiliates to launch pre-made phishing sites that closely resemble legitimate crypto project interfaces. 

This incident underscores the difficulties in safeguarding official crypto project accounts from hacks. The SlowMist CISO opined that the breach raises concerns about the organization’s security practices. 

“The BNB Chain team’s security awareness should not be this lacking,” 23pds noted. 

Related: Protect your crypto: Rising ‘try my game’ Discord scam

CZ warns users to carefully check domains

In his X post, Zhao urged community members to scrutinize domains even when links come from verified or official social accounts. “Always check the domains thoroughly, even from official X handles. Stay SAFU!” he instructed.

At 8:26 am UTC, the BNB Chain team announced that they had regained control of the account.

A BNB Chain representative informed Cointelegraph that a total of 10 phishing links were posted, leading to losses amounting to $8,000 across various chains. BNB Chain confirmed that all affected users will be fully reimbursed.