Binance CEO had WeChat hacked by cellphone exploit that likely leaves your own crypto exposed

Binance co-CEO Yi He's WeChat account was hijacked on December 10th after the cell number linked to it was reclaimed, though the account was later restored with WeChat's security team's help. The takeover resulted in posts promoting a token called “Mubarakah,” leading to an estimated $55,000 pump-and-dump. This incident underscores a broader vulnerability where web accounts tied to phone numbers can be captured through recovery flows, bypassing direct crypto wallet security. The article draws parallels to the SEC's X compromise, where a lack of two-factor protection on a phone number led to market disruption. Security experts note that methods like WeChat's "frequent contacts" verification, combined with recycled phone numbers, create a low-friction path for attackers. For executives, compromised social accounts act like market infrastructure, capable of mobilizing significant volume. Risk reduction measures suggested include disabling phone/SMS recovery for dormant executive accounts, enforcing hardware keys, and platform-side changes like requiring recent device logins before allowing mass posting from accounts linked to recycled numbers.

(Source：CryptoSlate)