Phishing links disguised as Wallet Connect prompts
SlowMist’s chief information security officer, who goes by the handle 23pds on X, said attackers used a classic trick, swapping letters in the phishing domain to make it appear legitimate.
“BNB Chain’s English official X account has been hacked! The phishing website changed the letter i into l,” 23pds posted, warning users not to be deceived. The security professional also suggested that the malicious domain belongs to the infamous Inferno phishing group.
The Inferno Drainer is a crypto wallet-draining software and phishing-as-a-service platform that emerged around 2022 and gained notoriety in 2023. It operates by allowing its affiliates to deploy ready-made phishing sites that mimic legitimate crypto project interfaces.
The incident highlights challenges in protecting official crypto project accounts from takeovers. The SlowMist CISO suggested that the breach raises questions about the team’s security practices.
“The BNB Chain team’s security awareness shouldn’t be this poor,” 23pds said.
CZ warns users to check domains carefully
In his X post, Zhao advised community members to always check domains even when the links are coming from official or verified social handles. “Always check the domains very carefully, even from official X handles. Stay SAFU!” he wrote.
At the time of writing, the phishing posts were no longer visible, yet it remains uncertain whether any users connected their wallets or lost funds.