Binance Co-CEO Yi He’s WeChat Hijack Raises BNB Security Concerns

• Attackers exploited an inactive phone number linked to Yi He’s WeChat, gaining control after contacting frequent contacts.

• Blockchain analytics from Lookonchain revealed the hackers promoted the Mubarakah token, netting approximately $55,000 in profits.

• SlowMist founder Yu Xuan highlighted that in China, carriers reassign numbers after three months of inactivity, creating opportunities for social engineering and credential stuffing.

Discover how Binance co-CEO Yi He’s WeChat hack exposes risks for crypto executives. Learn prevention tips from experts like SlowMist’s Yu Xuan to secure your accounts today.

What Caused the Yi He WeChat Hack?

Yi He WeChat hack occurred when attackers seized control of an old mobile number previously associated with her account, enabling them to impersonate the Binance co-CEO on the popular Chinese messaging platform. Newly appointed as Binance’s co-CEO, Yi He revealed on X that the account had been abandoned long ago, and recovery was not possible at the time. This breach highlights the intersection of traditional Web2 security flaws and the high-stakes world of cryptocurrency, where such impersonations can lead to significant financial scams.

Source: Yi He

How Do WeChat Account Takeovers Happen in Crypto Circles?

WeChat account takeovers often stem from the reassignment of inactive mobile numbers in China, where telecom carriers recycle SIM cards after about three months of disuse. In Yi He’s case, attackers likely used this old number to initiate a recovery process, contacting two frequent contacts—possibly individuals added casually or through group interactions—to verify and seize control. SlowMist founder Yu Xuan, a leading voice in blockchain security, explained that leaked login credentials combined with social engineering lower the barrier significantly for such attacks. He conducted tests showing that even brief interactions could suffice for verification.

Yu Xuan emphasized that high-profile crypto users, who frequently discuss over-the-counter trades or wallet management on WeChat, face elevated risks. “Avoid adding unknown contacts casually,” he advised, recommending regular password rotations and immediate responses to login alerts. This incident follows a pattern; in November, Tron founder Justin Sun’s WeChat was similarly compromised, prompting him to alert followers on X about the hack and his efforts to regain access.

Source: Justin Sun

Blockchain analytics firm Lookonchain reported that post-hijack, the attackers promoted a token named Mubarakah, artificially inflating its price and pocketing around $55,000 from unsuspecting buyers. Such scams exploit the trust in executives’ communications, turning personal accounts into vectors for fraud in the crypto ecosystem.

The timing of Yi He’s appointment as co-CEO, announced by Binance CEO Richard Teng during Binance Blockchain Week in Dubai, amplified the breach’s impact. Teng described the role as a “natural progression” for the co-founder, underscoring her longstanding influence in the exchange’s operations.

Source: Changpeng Zhao

Frequently Asked Questions

What Should Crypto Users Do to Prevent WeChat Hacks?

To avoid WeChat hacks like the one targeting Yi He, users should prune contact lists regularly, rotate passwords frequently, and act swiftly on any suspicious login alerts. Security experts from SlowMist recommend avoiding casual additions of unknown contacts, especially for discussions involving OTC trades or wallets, reducing the chances of social engineering exploitation.

How Common Are Mobile Number Seizures Leading to Account Takeovers?

Mobile number seizures are a notable risk in regions like China, where inactive SIMs are reassigned after three months, opening doors to credential stuffing and recovery abuse. As demonstrated in tests by SlowMist’s Yu Xuan, attackers can leverage just two frequent contacts—even from minimal interactions—to hijack accounts, a tactic increasingly seen in crypto-related incidents.

Key Takeaways

• Abandoned Accounts Are Vulnerable: Yi He’s long-inactive WeChat tied to an old number was easily seized, showing why crypto leaders should monitor and secure all legacy accounts.
• Social Engineering Lowers Barriers: Contacting just two frequent connections can enable takeovers, per SlowMist analysis, emphasizing the need for vigilant contact management.
• Act on Alerts Immediately: Quick responses to login notifications and password rotations can thwart attacks; Binance co-founder Changpeng Zhao reinforced this by warning against memecoin promotions on his dormant account.

Conclusion

The Yi He WeChat hack illustrates persistent vulnerabilities in Web2 platforms amid the rise of crypto leadership roles, with attackers exploiting mobile number reassignments and social engineering to perpetrate scams like the Mubarakah token pump. Insights from SlowMist’s Yu Xuan provide actionable steps for mitigation, urging high-profile figures to prioritize security hygiene. As the industry evolves, staying proactive against such threats will be essential for safeguarding reputations and assets—consider reviewing your own messaging accounts today to stay ahead of potential breaches.

This follows broader patterns in crypto security; for instance, months earlier, BNB Chain’s official X account was compromised on October 1, leading to phishing posts and $8,000 in user losses, though all affected parties were reimbursed. Binance co-founder Changpeng Zhao, or CZ, echoed the caution by stating on X that his WeChat remains unused and he would never promote memecoin contracts there. Such warnings from industry veterans highlight the growing sophistication of attacks on centralized platforms used by decentralized finance players.

In China, the telecom system’s practice of recycling numbers creates systemic risks, as noted by Yu Xuan. He detailed how attackers might use leaked data from past breaches to stuff credentials, then impersonate recovery requests via contacts. This low-tech vector contrasts with the high-tech allure of blockchain but proves equally damaging, especially when tied to influential figures like Yi He, whose role now amplifies Binance’s strategic direction.

Lookonchain’s on-chain analysis confirmed the financial toll, tracking the $55,000 haul from the token manipulation shortly after the hijack. While Yi He confirmed the account’s irretrievability, the episode serves as a stark reminder for the crypto community to diversify communication tools and adopt multi-factor authentication rigorously. Experts like those at SlowMist continue to advocate for these measures, drawing from real-world tests to educate users on evolving threats.