CZ Failed to Secure His WhatsApp Handle — and That Reveals a Dangerous Impersonation Gap
Binance's former CEO CZ failed to claim his WhatsApp username during the platform's new custom handle rollout, spotlighting serious impersonation and scam risks for public figures and everyday users alike.
Binance's former CEO Changpeng Zhao, widely known as CZ, publicly admitted this week that he was unable to claim his preferred username during WhatsApp's ongoing global rollout of its new custom handle system. The admission, shared on social media with a laughing emoji, was brief — but its implications for platform security are anything but funny.
WhatsApp launched its username feature this week, allowing users to replace phone numbers with custom identifiers as the primary way to connect with others. The rollout follows a first-come, first-served model, meaning any username not immediately claimed by its rightful owner is up for grabs. CZ's failure to secure his own name perfectly illustrates just how exposed public figures, brands, and institutions are under this system.
"Tried, couldn't reserve that name. So, definitely not me," CZ wrote on X, attaching a screenshot as evidence.
WhatsApp has introduced some protective measures alongside the new feature. The platform announced that verified creators, small businesses, and organizations can transfer their existing Facebook or Instagram usernames directly to WhatsApp. An optional username key — a four-digit code required before a stranger can initiate contact — is also available, though it is disabled by default. WhatsApp also plans to implement rate-limiting on new contact requests and block repeated attempts to guess a username key, targeting the kind of abuse patterns that have long plagued Telegram.
However, critics point out that the default-off nature of the key feature leaves most users vulnerable. Security researchers are urging people to enable the key manually in settings before scammers begin exploiting unclaimed or lookalike usernames. The lookalike risk is particularly concerning: bad actors can substitute visually similar characters — such as a capital letter "I" in place of a lowercase "l" — to create handles that are nearly indistinguishable from legitimate ones without a careful side-by-side comparison.
The situation also has a speculative dimension. A growing segment of users is racing to register valuable handles early, betting on future resale profits. The behavior echoes what happened on Telegram, where the Fragment marketplace — built on TON blockchain tokens — turned premium usernames into tradable digital assets. Telegram founder Pavel Durov revealed in July 2025 that the handle "@crypto" had received a $25 million offer, while "@news" reportedly sold for $5.8 million in the same year.
WhatsApp usernames are currently free to reserve directly through the app. Meta has not announced any marketplace for trading them, and without an infrastructure like Telegram's tokenized Fragment platform, the resale market may never fully materialize. Still, that hasn't stopped speculators from trying.
The broader context makes this more than just a novelty risk. Crypto users in particular have faced elevated fraud exposure throughout 2026, with June's hack losses confirming that attackers are actively targeting both platforms and individuals. A recent impersonation-based staking scam even resulted in a criminal conviction, signaling that regulators are watching these developments closely.
Experts advise that users should never trust a message from a high-profile contact based solely on a username. Verifying through an official, independently confirmed account remains the safest course of action. Enabling the optional username key is a basic but critical step that Meta should arguably make mandatory rather than opt-in.
WhatsApp's full global username rollout is still expected to take several more weeks, giving Meta a window to strengthen its safeguards before the system reaches its entire user base of approximately three billion people. Whether those protections will be in place before opportunistic scammers fully adapt to the new landscape is the central question hanging over the feature's launch.

