BNB Chain X Account Hacked by Inferno Drainer Group


Introduction

The official X account of BNB Chain, boasting nearly four million followers, was compromised on Wednesday in a sophisticated phishing attack linked to the notorious Inferno Drainer group. Hackers used the hijacked account to spread malicious links targeting cryptocurrency wallets, prompting immediate warnings from Binance founder Changpeng “CZ” Zhao. The incident represents one of the highest-profile social media security breaches in the crypto sector this year, highlighting persistent vulnerabilities despite increased security measures.

Key Points

  • The BNB Chain X account with 4M followers was compromised to spread wallet-draining phishing links
  • Security firm SlowMist traced the attack infrastructure to the notorious Inferno Drainer group
  • Binance founder CZ personally warned users while security teams worked with X to suspend the account and remove phishing sites

The Attack and Immediate Response

The security breach unfolded on Wednesday when hackers gained control of BNB Chain’s official X account, which serves as a primary communication channel for one of the world’s largest blockchain networks. The attackers immediately began posting phishing links designed to trick users into connecting their cryptocurrency wallets to malicious websites. According to SlowMist’s chief security officer, the infrastructure behind these phishing domains was definitively tied to the Inferno Drainer group, a well-known criminal organization specializing in cryptocurrency wallet draining schemes.

Binance founder Changpeng “CZ” Zhao personally confirmed the incident through his own social media channels, demonstrating the seriousness of the breach. “The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet,” Zhao urgently warned his substantial following. His immediate public response underscored both the potential severity of the attack and the high stakes involved, given BNB Chain’s central role in the Binance ecosystem and the broader cryptocurrency market.

BNB Chain’s security teams moved quickly to contain the damage, notifying X platform administrators about the account compromise and working to suspend the account to prevent further malicious posts. Simultaneously, the teams submitted takedown requests for the phishing websites, aiming to disrupt the attackers’ operations before significant user funds could be drained. This coordinated response reflects the established security protocols that major crypto entities have developed to handle such incidents.

Inferno Drainer's Notorious Track Record

The attribution to the Inferno Drainer group represents a significant development in understanding the attack’s sophistication and potential impact. This criminal organization has established itself as one of the most prolific and successful wallet-draining operations in the cryptocurrency space, responsible for numerous high-value attacks across various blockchain networks. Their modus operandi typically involves creating convincing fake websites and interfaces that prompt users to approve malicious transactions, resulting in the complete draining of their digital assets.

Security researchers have documented Inferno Drainer’s extensive infrastructure and evolving tactics over multiple campaigns. The group’s ability to compromise a verified account with nearly four million followers demonstrates their continued innovation in social engineering and account takeover techniques. This particular attack vector—hijacking legitimate social media accounts to distribute phishing links—represents an escalation in their operational methods, allowing them to leverage established trust relationships to target victims.

The connection to Inferno Drainer also suggests the attackers had significant resources and planning behind the operation. Previous analyses of the group’s activities indicate they operate sophisticated phishing-as-a-service platforms and maintain extensive infrastructure across multiple domains and hosting providers. Their targeting of BNB Chain specifically indicates they’re focusing on high-value ecosystems with substantial user bases and significant financial value at stake.

Broader Implications for Crypto Security

This incident highlights the ongoing security challenges facing the cryptocurrency industry, particularly around social media account security and user education. Despite increased security spending and awareness campaigns, major platforms remain vulnerable to account takeovers that can be weaponized to target thousands of users simultaneously. The compromise of an account with nearly four million followers demonstrates that even the largest, most technically sophisticated organizations in the space are not immune to these threats.

The attack also underscores the critical importance of Wallet Connect security practices among cryptocurrency users. As CZ specifically warned, users must exercise extreme caution when encountering requests to connect their wallets to unfamiliar websites or interfaces. The fact that such a prominent figure needed to issue immediate public warnings indicates that even experienced users might fall victim to these sophisticated phishing attempts when they appear to come from trusted sources.

Looking forward, this incident will likely prompt renewed focus on social media security protocols across the cryptocurrency industry. Organizations may need to implement more robust multi-factor authentication, conduct more frequent security audits of their social media accounts, and develop faster response protocols for account compromises. Additionally, the continued success of groups like Inferno Drainer suggests that technical solutions alone may be insufficient without corresponding improvements in user awareness and skepticism toward unexpected connection requests.
