Yi He WeChat Hack Raises Web2 Security Risks for Crypto Executives

Replace Dec. 10, 9:30 am UTC: This text has been up to date so as to add feedback from a Binance spokesperson.

Newly appointed Binance co-CEO and co-founder Yi He stated on X that her WeChat account was hijacked after an outdated cell quantity was taken, highlighting how Web2 messaging platforms can be utilized to impersonate crypto executives. 

“WeChat was deserted way back, and the telephone quantity was seized for use. It can’t be recovered at current,” she said in a translated X put up.  

The account has since been recovered. A Binance spokesperson instructed Cointelegraph that the account had been recovered. “Now we have labored carefully with WeChat’s safety crew, and the account has now been efficiently recovered,” the spokesperson stated.

Blockchain analytics agency Lookonchain flagged that after the hack, the attackers promoted a token known as Mubarakah, pumping the worth. The platform claimed that the attackers netted $55,000 with the scheme. 

The assault comes days after the Binance co-founder was appointed as the co-CEO of the crypto trade platform. Binance CEO Richard Teng introduced the information at Binance Blockchain Week in Dubai, calling it a “pure development.”

SlowMist founder outlines learn how to keep away from the assault vector

This follows a earlier WeChat compromise in November, which concerned Tron founder Justin Solar. On Nov. 30, Solar posted on X that his account was hacked and that he had contacted the platform to attempt to get the account again. 

After the newest assault, SlowMist founder Yu Xuan re-published a breakdown on how WeChat account takeovers could happen, warning that the barrier to assaults will be surprisingly low. 

According to his take a look at, an attacker who already has entry to leaked login credentials might seize management of an account by contacting two “frequent contacts.”

He stated that this may embody individuals who had been by no means immediately messaged and merely added as pals or interacted with briefly in a shared group. 

In China, carriers sometimes reissue cell numbers to the market three months after customers cancel their accounts.

This technique, the place inactive SIM-linked accounts will be reclaimed or reassigned, creates openings for credential stuffing, SIM-linked restoration abuse and focused social engineering. 

The SlowMist founder urged customers, particularly high-profile figures who deal with over-the-counter (OTC) merchants or wallet-related discussions, to keep away from including unknown contacts casually. He additionally really useful rotating passwords and responding rapidly to login alerts. 

Associated: South Korea to impose bank-level liability on crypto exchanges after Upbit hack: Report

CZ warned that he wouldn’t promote memecoin contracts

Binance co-founder Changpeng Zhao stated on X that he additionally has not used his WeChat account for a very long time.

Zhao warned that he wouldn’t promote any memecoin contract addresses on this account, giving customers a fast reminder to remain protected amid rising threats. 

The incident comes solely months after BNB Chain’s official X account was compromised. On Oct. 1, hackers took over and started posting phishing links on the official social media of the blockchain community.

BNB Chain beforehand instructed Cointelegraph that 10 hyperlinks had been posted and that $8,000 in person funds had been misplaced. The corporate stated that each one affected customers had been totally reimbursed.