How a WeChat Payment System Was Hijacked: A Code‑Injection Theft Case Study

Beijing Some Business Service Co. (the plaintiff) provides social‑security payment services and charges service fees.

From April 27, 2016 to November 23, 2018, Zhang served as the company's technical director, independently developing and maintaining its WeChat client and payment system, setting up payment channels and signing collection agreements. Customers followed the company's WeChat public account, selected services, and paid via WeChat. After payment, funds entered Tenpay, which settled daily to the company's corporate account, then to its bank account, from which the company paid social‑security fees on behalf of clients.

After Zhang left on November 23, 2018, the company continued to employ him to maintain the system, paying him about ¥5,000 per month.

Between November 2017 and June 2019, Zhang used technical means to embed code in the WeChat payment system, causing a portion of client payments to be transferred to a bank account controlled by his own company, XX (Beijing) Technology Co.

Through this scheme Zhang stole a total of ¥3,332,755.85, of which ¥2,116,091.11 was frozen in a bank card under his name; the remaining proceeds have not been recovered.

The plaintiff discovered the irregularities on July 26, 2019, reported them to the police, and Zhang was arrested on August 5, 2019, subsequently confessing to the crimes.

Evidence

Zhang’s own statements confirm his role as technical director, the complete payment flow, and that after his resignation he continued to receive monthly remuneration for system maintenance.

Witness statements from Chen and He corroborate that Zhang designed and maintained the WeChat payment system, continued to be paid after leaving, and inserted code that redirected funds to his controlled account.

Court Findings

The court held that Zhang acted with the intent of illegal possession, stealing public and private funds in an especially large amount, thereby constituting theft rather than embezzlement, as he lacked managerial control over the funds.

He was sentenced to twelve years imprisonment, deprivation of political rights for two years, and a fine of ¥200,000. He was also ordered to repay ¥3,332,755.85 to Beijing Some Business Service Co.