Slow Fog founder Yu Xian: WeChat account theft is often due to the abandonment of mobile phone numbers leading to loss of control or social engineering attacks on verification codes

The founder of Slow Fog, Yu Xian, analyzed the "He Yi WeChat account theft" incident, stating that this account theft likely occurred because hackers took control of a user's long-abandoned phone number, thereby taking over the identity infrastructure linked to the WeChat account. Another common risk is social engineering attacks involving verification codes: after obtaining the leaked account password, hackers impersonate the user to request a 6-digit verification code from two of the user's frequently contacted WeChat friends, thus completing the account theft.

Yu Xian pointed out that the prerequisites for the attack include matching account passwords from already leaked data and prior collection of information about the victim's frequently contacted friends (including users with whom there has only been interaction in group chats). Attackers often choose to execute their plans late at night, which is common in OTC scams targeting cryptocurrency users.

He reminded users to be cautious when adding unfamiliar WeChat friends, to change their passwords in a timely manner, and to pay attention to various risk alerts from WeChat.