The rapid growth of location-based social network (LBSN) applications - such as WeChat, Momo, and Yik Yak - has in essence facilitated the promotion of anonymously sharing instant messages and open discussions. These services breed a unique anonymous atmosphere for users to discover their geographic neighborhoods and then initiate private communications. In this paper, we demonstrate how such location-based features of WeChat can be exploited to determine the user's location with sufficient accuracy in any city from any location in the world. Guided by the number theory, we design and implement two generic localization attack algorithms to track anonymous users' locations that can be potentially adapted to any other LBSN services. We evaluated the performance of the proposed algorithms using Matlab simulation experiments and also deployed real-world experiments for validating our methodology. Our results show that WeChat, and other LBSN services as such, have a potential location privacy leakage problem. Finally, k-anonymity based countermeasures are proposed to mitigate the localization attacks without significantly compromising the quality-of-service of LBSN applications. We expect our research to bring this serious privacy pertinent issue into the spotlight and hopefully motivate better privacy-preserving LBSN designs.