Security Vulnerabilities Exposed in Crypto Executive's WeChat Hack
Yi He, Binance’s newly appointed co-CEO, became the latest victim of a WeChat hack after her old mobile number was hijacked. In a revealing post on X, Yi explained that her account was compromised, and the phone number used for recovery could not be retrieved. This attack not only exposed a major vulnerability in Web2 messaging platforms but also led to the promotion of a token scam. The attackers used Yi’s compromised account to pump the price of a token called Mubarakah, making a quick $55,000 from the scheme, according to blockchain analytics firm Lookonchain.
This breach comes just days after Yi He was named co-CEO of Binance, with CEO Richard Teng announcing the appointment at Binance Blockchain Week in Dubai, calling it a “natural progression.” The hack raises significant concerns about the security of messaging platforms in the crypto space, a worry that has been echoed by other high-profile figures in the industry. Notably, Tron founder Justin Sun also fell victim to a similar WeChat compromise in November.
微信被盗。
— Yi He (@heyibinance) December 10, 2025
Method of Account Hijacking and Profit Generation
Yu Xuan, the founder of SlowMist, explained how easily these WeChat account takeovers can happen. According to Yu, attackers with access to leaked login credentials can take control by simply reaching out to two “frequent contacts” – people who may have never directly messaged the target but interacted briefly in shared groups. This method highlights how low the barrier is for these types of social engineering attacks.
Additionally, Yu warned about China’s telecom policy, where canceled mobile numbers are often reassigned after a few months, making it easier for attackers to exploit SIM-linked accounts. The breach emphasizes the need for heightened security for high-profile individuals, particularly those in the crypto sector. Yu advised people to be cautious when adding contacts, rotate passwords regularly, and act quickly if they receive suspicious login alerts.
Wider Security Risks for the Crypto Industry
Yi He’s hack is just one example of a larger issue facing the crypto industry. Earlier this year, BNB Chain’s official X account was hacked, with attackers posting phishing links and causing the loss of $8,000 in user funds. Binance quickly reimbursed affected users, but the attack underscored the vulnerabilities within the ecosystem. Binance’s co-founder, Changpeng Zhao (CZ), also took to X to warn users about potential threats, stressing that he would not use his WeChat account to promote any memecoin contract addresses.
希望下一个不是我的号。
我多年没用微信了。也不会直接推任何meme CA。请大家注意安全。
https://t.co/oLWYELu85u
— CZ
BNB (@cz_binance) December 10, 2025
The breach highlights the need for better security protocols for crypto executives and the growing threat posed by social media platforms in the Web2 space. As attacks like this become more common, it’s clear that the industry must continue to evolve its security practices to safeguard both users and high-profile figures.