BNB Chain’s Chinese X Account Compromised Former Binance CEO Changpeng Zhao (CZ) reported that BNB Chain’s official Chinese account on X was compromised, prompting an immediate warning not to click recently posted links while the team investigated and prepared updates. The advisory emphasized caution and asked users to avoid any prompts originating from the account during the incident window. Update: CZ later said access was restored and estimated the attacker’s take at about $13,000, noting that security teams were still probing potential know‑your‑customer factors. He added that the attacker exposed themselves to criminal liability for relatively limited gains compared with building legitimate products. Phishing Mechanics And Account Recovery The attackers posted messages with phishing links urging users to connect their wallets via WalletConnect, a common lure in social engineering campaigns against crypto communities. BNB Chain reiterated, “ Do not connect your wallet ,” as teams coordinated with X to restrict access, remove malicious content, and submit takedown requests for associated phishing domains. One widely circulated post featured “$4 for a meme,” a wallet address, and an image of CZ—an example of how low‑effort baits can still drive high‑risk clicks when paired with brand trust and urgency cues. A Broader Pattern Of Social Media Compromises The incident adds to a run of account takeovers targeting high‑profile organizations. In 2024, the MicroStrategy account on X was used to push a fake airdrop; later that year, multiple popular accounts were hijacked to advertise a scam token that reportedly failed to generate profits. OpenAI’s press office account was also compromised to promote a fake token. In January 2025, a Nasdaq account was used to promote the STONKS coin, whose market cap spiked to tens of millions before collapsing—illustrating how briefly viral promotions can trap unsuspecting users. Practical takeaways: never sign messages or connect wallets from social posts; verify announcements via official sites or multiple trusted channels; and assume urgency or giveaway framing is a red flag. For brands, enforce hardware‑key authentication, least‑privilege access, 24/7 alerting, and pre‑authorized takedown pathways with platforms to compress incident response times.
