- Binance co-CEO Yi He’s WeChat account was hacked to promote MUBARA meme coin.
- Hackers accumulated 21.16 million MUBARA tokens before executing pump-and-dump scheme.
- Yi He recovered the account through external verification and password change.
Binance co-CEO Yi He successfully recovered her compromised WeChat account on December 9, 2025 after hackers used the platform to plan a pump-and-dump scheme involving the MUBARA meme coin.
The breach occurred just days after Yi He’s promotion to co-CEO alongside Richard Teng during Binance Blockchain Week.
Changpeng Zhao, Binance founder, issued a public warning on X urging users not to purchase meme coins promoted through the hacked account.
Hackers target Binance co-CEO’s dormant WeChat account
The attackers compromised Yi He’s old WeChat account linked to a phone number no longer under her control. The dormant account provided an entry point for the social engineering attack.
Yi He suspects the hackers posed as friends seeking help and feedback before taking full control of the account. The tactic allowed them to establish credibility and access to her contact list.
The timing of the attack coincided with Yi He’s elevated profile at Binance. Her recent promotion to co-CEO gave the compromised account more potential reach and credibility among crypto traders.
The hackers prepared the scheme carefully, establishing two new wallets approximately seven hours before posting fraudulent messages.
MUBARA token surges 700% as fake endorsement spreads
Blockchain analysis firm Lookonchain documented the scheme’s execution. The attackers quietly accumulated 21.16 million MUBARA tokens by spending 19,479 USDT through PancakeSwap and other decentralized exchanges on BNB Chain.
Someone hacked @heyibinance's WeChat account, and posted about $Mubarakah, sending the token's price soaring. @cz_binance
The hacker created 2 new wallets(0x6739 and 0xD0B8) ~7 hours ago and spent 19,479 $USDT to buy 21.16M $Mubarakah.
After the pump, the hacker has already… pic.twitter.com/39ncDQjgSe
— Lookonchain (@lookonchain) December 10, 2025
The meme coin’s price skyrocketed from approximately $0.001 to $0.008 within minutes of the fraudulent posts going live. The 700% surge pushed MUBARA’s market capitalization to roughly $8 million at its peak.
Blockchain analysis suggested that certain traders may have front-run the public posts. The front-running activity potentially amplified volatility and increased losses for late-entry investors.
Attackers profit $55,000 from coordinated pump-and-dump
The hackers began unloading their holdings as liquidity entered the market. By the morning of December 10, they had sold approximately 11.95 million tokens for 43,520 USDT.
The attackers retained 9.21 million tokens valued at around $31,000 following the initial sell-off. The remaining holdings provided potential for additional gains if they could find exit liquidity.
Total realized profits reached approximately $55,000 from the scheme. The seven-hour preparation window and coordinated execution allowed the hackers to maximize returns from the manipulation.
Binance co-CEO recovers compromised account after initial setback
Yi He initially stated the account could not be recovered because of the compromised phone number. The linked phone number was no longer under her control.
Subsequent reports revealed Yi He successfully regained control through external verification and password change procedures.
The successful recovery allowed Yi He to secure the account and prevent additional fraudulent posts.
Changpeng Zhao publicly warned users on X: “Someone hacked Yi He’s WeChat account. Don’t buy meme coins from the hackers’ posts.” The Binance founder moved quickly to alert the community about the fraudulent activity.
Someone hacked @heyibinance’s WeChat account. Do not buy meme coins from the hackers posts.
Web 2 social media security is not that strong.
Stay safu!
— CZ 🔶 BNB (@cz_binance) December 10, 2025
Zhao emphasized security weaknesses in web2 social media platforms, stating: “Web 2.0 social media security isn’t that strong. Stay safu!” The comment highlighted the contrast between centralized social platforms and blockchain security models.
The incident adds to growing concerns about social engineering attacks targeting crypto industry figures. Compromised social media accounts have become a common vector for scams targeting retail investors.
2025 crypto hacks exceed $2.3 billion in losses
The Yi He WeChat hack occurred during a year marked by major security breaches across the crypto ecosystem. 2025 has seen over $2.3 billion lost across platforms including Bybit, Coinbase, and Cetus.
Bybit suffered the largest hack in crypto history on February 21, 2025, losing approximately $1.46 billion in crypto assets. Investigators attributed the attack to malware that tricked the platform into approving unauthorized transactions.
Elliptic linked the Bybit breach to North Korea’s Lazarus Group based on laundering patterns. Since 2017, North Korea-linked cybercriminals have stolen over $6 billion in crypto assets.
Coinbase experienced a social engineering attack in May when overseas support contractors were bribed by attackers. The exploit allowed unauthorized access to user account data, with estimated damages approaching $400 million.
Cetus on the Sui blockchain suffered a $220 million exploit when attackers used fake token contracts to manipulate pool balances. The massive breach prompted the Cetus team to pause protocol operations and coordinate with the Sui Foundation.
DeFi protocols remain among the most vulnerable targets. Abracadabra lost $1.8 million in October through a flash-loan exploit targeting a rounding vulnerability in its lending contract.
