Binance Co-CEO Yi He Steps Up: Compensates Users After Scam Token Promotion Via Hacked WeChat Account
When a top executive's social media gets compromised, the fallout can be swift and costly. Binance co-CEO Yi He is now personally addressing the aftermath of a fraudulent token promotion that originated from her hacked WeChat account.
The Breach and the Payout
The incident highlights a persistent vulnerability in the crypto space: the human element. Even with robust exchange security, personal accounts remain targets. He's opting for direct compensation—a move that acknowledges responsibility but also underscores how easily trust can be weaponized in decentralized finance.
Accountability in the Age of Social Media
This isn't just about reimbursing losses. It's a public test of leadership accountability. By footing the bill, He aims to contain the reputational damage, sending a clear signal that the platform stands behind its users—even when the breach occurs off its official servers. It’s a costly lesson in personal cybersecurity for the C-suite.
The Bigger Picture
Every hack erodes a little more trust, and in a market fueled by speculation, trust is the most volatile asset of all. While the compensation is a positive step, it does little to solve the core issue: the crypto ecosystem's annoying habit of creating billion-dollar solutions to problems that often start with a simple phishing link. The industry keeps building fortresses, but sometimes leaves the front gate wide open.
What compensation is Binance offering to victims?
Yi He announced that she will personally allocate BNB to conduct an airdrop for users who lost money trading the Mubarakah memecoin. The compensation specifically targets users who traded the scam token on the Binance Web3 Wallet and the Alpha platform.
Yi He expressed sympathy for the affected and committed that the airdrop WOULD be fully distributed within 24 hours of her announcement on December 10, 2025.
She clarified that the compensation is a one-time exception and will not be repeated for future incidents. She stated that neither she, the official Binance account, nor any Binance employees would recommend memecoins because such content lacks long-term viability and price support.
The founder of SlowMist, Yu Xuan, republished his research on how WeChat account takeovers occur. Chinese telecom carriers reassign inactive phone numbers after approximately three months of disuse.
Once an attacker obtains access to a recycled phone number that was previously linked to a WeChat account, they can initiate an account recovery process. The system requires contacting just two frequent contacts to verify identity. These contacts might include people who were never directly messaged and only added as friends or interacted with briefly in shared groups.
WeChat takeovers of prominent crypto figures have sort of become a thing, as Tron founder Justin Sun also reported on November 30, 2025, that his account was hacked, prompting him to contact the platform to regain access.
Yi He herself was previously impersonated in a separate incident in March 2025.
Yi He’s WeChat was hacked
According to blockchain analytics firm Lookonchain, the hackers created two new wallets approximately seven hours before posting about the token and spent 19,479 USDT to purchase 21.16 million MUBARA tokens through PancakeSwap and other decentralized exchanges.
After being promoted on Yi He’s compromised WeChat account, the price of the token surged from around $0.001 to $0.008, representing an increase of over 800%. The token’s market cap briefly touched $8 million as unsuspecting traders rushed to buy based on what appeared to be an endorsement from the Binance executive.
The attackers then sold 11.95 million tokens for 43,520 USDT, securing approximately $55,000 in profit before the token crashed more than 60%.
Binance co-founder Changpeng Zhao quickly warned users on X, stating that Web2 social media security is not strong and urging the community to avoid buying memecoins from the hacked posts. Yi He recovered her account through external verification and changed the password.
Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
