Binance founder Changpeng Zhao (CZ) has warned the crypto community about a growing wave of phishing scams tied to the surge in meme coins. His remarks followed hackers' takeover of the official X account of BNB Chain, which they used to promote unauthorized token campaigns and fake airdrops.
The compromised account, followed by nearly four million users, was used to post fraudulent links disguised as legitimate WalletConnect prompts. Unsuspecting users who interacted with these links risked exposing their private keys and losing their cryptocurrency assets.
Blockchain security firm SlowMist traced the operation to a phishing domain that differed from the official BNB Chain website address by a single character.
With the rise of meme coins, hackers are targeting social media accounts (as they usually have lower security measures) to post CAs.
Beware that official accounts do not endorse any specific memes.
— CZ 🔶 BNB (@cz_binance) October 20, 2025
Researcher 23pds from SlowMist linked the domain to the notorious Inferno Drainer group – a collective known for developing wallet-draining templates and running large-scale phishing schemes since 2022.
Binance security team responds swiftly
Following the breach, CZ confirmed that Binance's internal security team worked directly with X (previously Twitter) to suspend the hacked account and take down the phishing domains.
“The BNBCHAIN account is compromised. The hacker posted links to phishing websites. Do NOT connect your wallet,” Zhao posted on his personal X account. He reiterated his SAFU (Secure Asset Fund for Users) post, reminding readers to be cautious even when the information comes from so-called verified or official accounts.
CZ’s caution highlights the sophistication of current phishing attacks, which have begun to exploit brand credibility. Attackers use meme coins and fake airdrops as bait, reaching crypto users through verified accounts and influencers.
Growing pattern of crypto account breaches
The BNB Chain incident is the latest addition to a growing list of social media breaches that have rattled the crypto industry throughout 2025. Earlier this year, a fake governance token was promoted from the hijacked X account of Pump.fun. Similarly, a WIRED journalist’s account was used to promote a meme coin scam, which duped thousands of followers.
Last week, PancakeSwap’s Chinese-language X account was hacked to promote “Sir Pancake”, a fake token that, for a short time, generated almost $20 million in trading volume. The day before, another fake meme coin called “4” was promoted via the hijacked BNB Chain account before the community regained control.
Most recently, scammers took over the official DOTA 2 YouTube channel to promote “dota2coin,” a Solana-based token. The livestream titled “Dota 2 Launch Official Meme Coin Hurry Up” had a Pump.fun token link in it that redirected people back to the hacked channel.
The breaches have not been limited to crypto-native accounts. In March, the X profile of Ghana’s former president, John Mahama, was hacked to advertise a counterfeit Solana token named Solanafrica. A month later, UK government minister Lucy Powell’s account was used to promote a fraudulent “community” token.
Even high-profile institutions have been hit. In June, hackers gained access to Andreessen Horowitz’s (a16z) official X account to promote a fake $a16z token. Around the same time, the account of Paraguay’s President, Santiago Peña, was compromised to falsely announce that Bitcoin had been declared legal tender in the country.