Update Dec. 10, 9:30 am UTC: This article has been updated to add comments from a Binance spokesperson.
Newly appointed Binance co-CEO and co-founder Yi He said on X that her WeChat account was hijacked after an old mobile number was taken, highlighting how Web2 messaging platforms can be used to impersonate crypto executives.
“WeChat was abandoned long ago, and the phone number was seized for use. It cannot be recovered at present,” she said in a translated X post.
The account has since been recovered. A Binance spokesperson told Cointelegraph that the account had been recovered. “We have worked closely with WeChat’s security team, and the account has now been successfully recovered,” the spokesperson said.
Blockchain analytics firm Lookonchain flagged that after the hack, the attackers promoted a token called Mubarakah, pumping the price. The platform claimed that the attackers netted $55,000 with the scheme.
The attack comes days after the Binance co-founder was appointed as the co-CEO of the crypto exchange platform. Binance CEO Richard Teng announced the news at Binance Blockchain Week in Dubai, calling it a “natural progression.”
SlowMist founder outlines how to avoid the attack vector
This follows a previous WeChat compromise in November, which involved Tron founder Justin Sun. On Nov. 30, Sun posted on X that his account was hacked and that he had contacted the platform to try to get the account back.
After the most recent attack, SlowMist founder Yu Xuan re-published a breakdown on how WeChat account takeovers may occur, warning that the barrier to attacks can be surprisingly low.
According to his test, an attacker who already has access to leaked login credentials could seize control of an account by contacting two “frequent contacts.”
He said that this might include people who were never directly messaged and merely added as friends or interacted with briefly in a shared group.
In China, carriers typically reissue mobile numbers to the market three months after users cancel their accounts.
This system, where inactive SIM-linked accounts can be reclaimed or reassigned, creates openings for credential stuffing, SIM-linked recovery abuse and targeted social engineering.
The SlowMist founder urged users, especially high-profile figures who handle over-the-counter (OTC) traders or wallet-related discussions, to avoid adding unknown contacts casually. He also recommended rotating passwords and responding quickly to login alerts.
Related: South Korea to impose bank-level liability on crypto exchanges after Upbit hack: Report
CZ warned that he would not promote memecoin contracts
Binance co-founder Changpeng Zhao said on X that he also has not used his WeChat account for a long time.
Zhao warned that he would not promote any memecoin contract addresses on this account, giving users a quick reminder to stay safe amid growing threats.
The incident comes only months after BNB Chain’s official X account was compromised. On Oct. 1, hackers took over and started posting phishing links on the official social media of the blockchain network.
BNB Chain previously told Cointelegraph that 10 links were posted and that $8,000 in user funds were lost. The company said that all affected users had been fully reimbursed.
Magazine: Quantum attacking Bitcoin would be a waste of time: Kevin O’Leary