Key Takeaways
- Binance co-CEO Yi He’s WeChat account was hijacked after the old mobile number linked to the abandoned account was seized (likely reassigned by the carrier).
- The attackers used the compromised account to promote a memecoin called Mubarakah, allegedly netting them $55,000 through a pump-and-dump scheme before the account was restored.
- Security experts warn that this attack vector is low-barrier and advise high-profile users to prune contact lists, rotate passwords, and respond quickly to login alerts.
Old Mobile Number Abuse Leads to Crypto Executive Impersonation
Newly appointed Binance co-CEO and co-founder Yi He became the latest high-profile victim of a common, yet increasingly relevant, security vulnerability involving traditional Web2 communication platforms. Binance co-founder Yi He just got a scary lesson in digital security. She revealed on X that her old, long-abandoned WeChat account was hijacked after the mobile number tied to it was apparently recycled and seized by someone else.
The attack was a textbook financial scam. Blockchain firm Lookonchain pointed out that the hijackers used the compromised account to shill a new token named Mubarakah, executing a quick pump-and-dump that reportedly bagged them $55,000.
Though Binance and WeChat managed to recover the account, the event is a sharp warning about cross-platform risk. Coming right after a similar hack involving Tron’s Justin Sun in November, the pressure is mounting for crypto execs to clean up their digital footprints immediately.
The Low-Barrier Attack Vector for WeChat Takeovers
The mechanism behind these attacks is often surprisingly simple, relying on weaknesses in account recovery and mobile number management systems. In regions like China, mobile carriers typically reissue numbers to the market just three months after the original user cancels their account. This creates an open door for credential stuffing, SIM-linked recovery abuse, and targeted social engineering.
An attacker with access to leaked login credentials could seize control of an account by simply contacting two “frequent contacts” of the target. Crucially, these contacts don’t need to be people the victim directly messaged recently; they could simply be individuals who were briefly added as friends or interacted with in a shared group chat. This low-barrier method is particularly dangerous for crypto executives who frequently interact with various parties, including over-the-counter (OTC) traders, in group environments.
Security Advice for High-Profile Crypto Users
In light of the repeated compromises, the advice for high-profile crypto users is clear and urgent. SlowMist’s founder stressed the importance of not adding unknown contacts casually to messaging platforms. Furthermore, users should regularly rotate their passwords across all services and be highly vigilant, responding immediately to any login alerts or security notifications.
The incident also prompted a warning from Binance co-founder Changpeng Zhao (CZ), who used the opportunity to remind the community that he also has not used his WeChat account for a long time and would “not promote any memecoin contract addresses” on that account.
This advice is critical for user safety, particularly following a separate incident in October where BNB Chain’s official X account was compromised, leading to phishing links and a reported loss of $8,000 in user funds, which the company later reimbursed. The lesson is that the security of Web2 accounts is a direct liability for the Web3 industry.
Final Thoughts
The successful hack of Yi He’s dormant WeChat account exposes a significant, yet preventable, vulnerability in the digital defenses of crypto leaders stemming from Web2 account recovery mechanisms. Proactive measures, from pruning contacts to rotating credentials, are essential to prevent social engineering and scams that rely on identity impersonation.
Frequently Asked Questions
How did the attacker gain access to the account?
The attacker gained access after the old, abandoned mobile number linked to the WeChat account was seized/reassigned by the carrier.
What was the motive of the hackers?
The hackers used the account to promote a memecoin (Mubarakah), allegedly netting $55,000 from a pump-and-dump scheme.
What is the key advice for avoiding this type of hack?
Prune contact lists, rotate passwords, and act fast on security alerts, especially when dealing with accounts linked to reissued mobile numbers.
