How is a WeChat account stolen? (This article is mainly based on AI organization)
Today, the WeChat account of Binance co-founder He Yi was stolen, and hackers posted fake messages in Moments and multiple groups.
Many users, especially those in the cryptocurrency circle who frequently travel between domestic and international locations, often have the habit of changing their phone numbers. The culprit behind this series of account thefts is the operator mechanism that many users overlook—reissuing phone numbers.
What is "reissuing phone numbers"?
When a user stops renewing a phone number or actively cancels that number, the operator will, for resource utilization, reissue the number to the market after a "frozen period" (usually 3-6 months).
How do hackers exploit this?
This creates a fatal time gap and logical loophole:
Forgotten bindings: The original owner may have abandoned the phone number but often forgets to unlink the WeChat account associated with that number.
New owner's privilege: Once hackers (or new users who unintentionally purchase the number) obtain this "old number," they only need to select "Login with Phone Number" or "Retrieve Password" on the WeChat login interface.
SMS verification code breach: The WeChat system recognizes that the phone number is already registered and immediately sends an SMS verification code. The hacker holding the new SIM card inputs the code and easily resets the password.
Direct access: Once logged in successfully, the hacker gains complete control of the account, including Moments, group chats, and contacts.
For cryptocurrency users, the risk is amplified due to the frequent use of backup phones, overseas SIM cards, or domestic numbers being suspended due to unpaid bills while abroad.
In addition to reissuing phone numbers, the following two situations are also common causes of WeChat account theft:
Phishing links and Trojans: Hackers disguise themselves as project parties or customer service from trading platforms, sending links or files with Trojans (e.g., .exe disguised as .pdf). Once clicked on WeChat on a computer, the Trojan immediately steals login credentials.
Zombie follower cleaning tools: Many people authorize third-party, unsafe "cleaning software" to scan login QR codes to clean up friends, which is equivalent to handing over account control to strangers.
How to prevent your WeChat account from being stolen?
Now that we understand the principles, prevention is not difficult. Please immediately check your WeChat settings against the following checklist:
- Core rule: If the number changes, the binding must change
This is the most important point. If your phone number is no longer in use (whether canceled or stopped renewal), please ensure to complete the WeChat binding change before the number is deactivated.
Operation path: WeChat > Me > Settings > Account and Security > Phone Number > Change Phone Number.
Note: Simply unbinding in WeChat is not enough; you also need to check the binding status of key apps like bank cards and trading platforms.
- Enable "Account Protection" and "Voice Lock"
Preventing login from unfamiliar devices is the second line of defense.
Account protection: Once enabled, logging into WeChat on an uncommon phone requires verification of a code sent by friends, significantly increasing the difficulty for hackers to invade.
Voice lock: Setting up a voice lock (WeChat Voiceprint) requires reading random numbers during login, making it difficult for hackers to replicate biometric features.
- Set up "Emergency Contacts"
In extreme cases of account theft, emergency contacts can help you quickly appeal to recover your account, shortening the time window for hackers to commit their crimes.
- Operation path: WeChat > Me > Settings > Account and Security > Emergency Contacts.
- Isolate sensitive operations
Do not directly transmit private keys or mnemonic phrases in WeChat.
For messages like "need help transferring money," "borrowing money," or "sudden major good news," even if they come from acquaintances, please be sure to confirm via phone or video.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
