Senior figures in the cryptocurrency industry have reported that their WeChat accounts were compromised and used to promote tokens without their consent. The incidents raised concerns about security practices on widely used social platforms and highlighted risks associated with inactive accounts linked to outdated contact information. Analysts said that the attacks show how account takeovers can be used to influence trading behaviour by exploiting the credibility of well-known industry leaders.
One incident involved Yi He, co-founder and co-chief executive of Binance. She stated that her long-inactive WeChat account was taken over after the mobile number previously linked to the account was reassigned by a telecom provider. Attackers used the profile to publish posts that appeared to endorse a token known as Mubarakah. Blockchain analysts observed that wallets connected to the attackers accumulated the token before the promotional messages appeared, followed by a rise in trading activity. Estimates indicated that the attackers gained about USD 55,000 before the account was recovered.
Yi He said she no longer had access to the old phone number and that the account had not been used for some time. Binance reported that it worked with WeChat to restore control of the profile. Changpeng Zhao, founder of Binance, advised users not to trust posts from the compromised account and said that he and other executives do not promote tokens through that platform. Analysts noted that the public announcement of Yi He’s new position shortly before the breach may have increased the credibility of the fraudulent messages.
A separate incident occurred in late November when the WeChat account of Tron founder Justin Sun was compromised. Sun stated that he contacted WeChat to recover the account and issued warnings to avoid misinformation stemming from the breach. The close timing of the two cases suggested to analysts that high-profile individuals in the sector are being targeted because of their influence and large following.
Security specialists said the incidents underline the importance of updating authentication methods for older accounts, particularly those linked to recycled mobile numbers. They recommended that executives review account recovery settings, use strong authentication mechanisms, and monitor for unusual activity. Analysts added that account takeovers can mislead followers and distort market signals when compromised profiles are used to promote digital assets.
Observers said that while the financial scale of the schemes was limited, the events demonstrated how social engineering and account compromise can intersect with trading activity. They noted that increased vigilance across both social media and digital asset platforms is needed to reduce the risks associated with unauthorised account access.