Yu Xuan from SlowMist told important users to cut down on contacts, change passwords often, and act quickly on notifications to lower the danger of WeChat being taken over. Yi, who is now the co-CEO and co-founder of Binance, mentioned on X that her WeChat account was compromised after someone stole her old phone number. This shows how Web2 chat apps may be exploited to pretend to be crypto CEOs.
WeChat was left behind a long time ago, and the phone number was taken for use. She wrote in a translated X post. The account has been fixed since then.
Lookonchain, a company that analyses blockchain data, said that after the hack, the hackers pushed a token called Mubarakah, which raised its price. The platform said that the attackers made $55,000 using the plan.
How WeChat accounts are vulnerable
The incident occurred mere days after Binance’s co-founder assumed the role of co-CEO on the crypto exchange site. The warning comes after a WeChat hack in November that affected Justin Sun, the founder of Tron. Sun wrote on X on November 30 that his account had been hacked and that he had contacted the site to try to get it back.
Yu Xuan, the founder of SlowMist, provided a new explanation of how an attacker can take over WeChat accounts following the most recent attack. He warned that the barrier to attacks can be shockingly low.
His test indicated that an attacker who has already leaked login information might take over an account by getting in touch with two “frequent contacts. This may include people who were never directly messaged and were only added as friends or talked to briefly in a group. In China, cellphone carriers usually give out new numbers to the market three months after individuals cancel their accounts.
Security advice for crypto executives
This method, which lets you reclaim or reassign dormant SIM-linked accounts, makes it possible for credential stuffing, SIM-linked recovery misuse, and targeted social engineering to happen. The founder of SlowMist told users, especially well-known people who talk about OTC trading or wallets, not to add unknown contacts without thinking about it. He also suggested changing passwords often and acting immediately when you get a login notice.
Changpeng Zhao, who helped start Binance, remarked on X that he hasn’t used his WeChat account in a long time either. Zhao said he wouldn’t promote any memecoin contract addresses on this account, which was a brief reminder for people to keep safe as threats mount. The incident happened just a few months after BNB Chain’s official X account was hacked. On October 1, hackers gained control and started posting phishing links on the blockchain network’s official social media pages.