Binance Co-CEO’s WeChat Hacked in MUBARA Memecoin Pump-and-Dump Scam
A high-profile hack targets one of crypto's biggest names—exposing the wild west risks lurking behind even the most polished corporate facades.
The Breach
Attackers compromised the personal WeChat account of Binance's co-CEO, using the platform to promote the MUBARA memecoin. The unauthorized posts urged followers to buy into what quickly unraveled as a classic pump-and-dump scheme.
The Aftermath
The incident triggered immediate damage control from Binance. Official channels disavowed the posts, labeling them a scam and warning users. The MUBARA token, predictably, spiked on the fake endorsement before crashing—leaving late buyers holding the bag. It's a stark reminder that in crypto, sometimes the biggest risk isn't market volatility, but a hacked social media account.
The Bigger Picture
This isn't just about one executive's compromised chat app. It highlights a critical vulnerability for the entire industry: the personal-brand-as-corporate-asset. When a leader's social following becomes a target, it blurs the line between personal security and exchange integrity. It also offers a cynical lesson in crypto finance: even the most sophisticated players can get caught in the oldest trick in the book—the hype-and-grab.
Security teams are scrambling, but the genie's out of the bottle. Trust, once again, proves to be the most volatile asset of all.
TLDR
- Binance co-CEO Yi He’s WeChat account was hacked on Tuesday and used to promote a memecoin called MUBARA in a pump-and-dump scheme
- The attackers created two new wallets and spent 19,479 USDT to buy 21.16 million MUBARA tokens before the fake endorsement spread
- Trading volume and price spiked sharply on decentralized exchanges as the fake promotion circulated through WeChat channels
- The hackers sold 11.95 million tokens for 43,520 USDT and still hold 9.21 million tokens worth around $31,000, making roughly $55,000 in profit
- Yi He said she no longer uses WeChat and the phone number linked to the account was taken over, preventing her from recovering access
Binance founder Changpeng Zhao warned users on Tuesday that the WeChat account of newly appointed co-CEO Yi He was compromised by hackers. The attackers used the account to promote a little-known memecoin in what became a pump-and-dump trading scheme.
Zhao posted on X urging followers to ignore any messages from the compromised account. He wrote that “Web2 social media security is not that strong” and told users not to buy memecoins from the hacker’s posts.
Someone hacked @heyibinance’s WeChat account. Do not buy meme coins from the hackers posts.
Web 2 social media security is not that strong.
Stay safu!
— CZ
BNB (@cz_binance) December 10, 2025
Yi He explained she stopped using WeChat years ago. She said the phone number tied to the account was taken over, which prevented her from regaining access.
The hack occurred less than a week after Binance elevated Yi He to co-CEO during the company’s Blockchain Week event. Co-founder Richard Teng described her as a driving force at the exchange since its beginning.
Someone hacked @heyibinance's WeChat account, and posted about $Mubarakah, sending the token's price soaring. @cz_binance
The hacker created 2 new wallets(0x6739 and 0xD0B8) ~7 hours ago and spent 19,479 $USDT to buy 21.16M $Mubarakah.
After the pump, the hacker has already… pic.twitter.com/39ncDQjgSe
— Lookonchain (@lookonchain) December 10, 2025
On-chain data reveals how quickly the social media breach turned into a trading exploit. Blockchain analytics account Lookonchain tracked two newly created wallets that accumulated roughly 21.16 million MUBARA tokens.
Early Token Purchases Before Fake Endorsement
The wallets spent 19,479 USDT to buy MUBARA tokens through PancakeSwap and related decentralized exchange routes. These purchases happened before the fake endorsement began spreading through WeChat channels.
MUBARA is a memecoin that trades on decentralized exchanges with limited prior trading activity. The token saw minimal attention before the hacked account began promoting it.
As the false endorsement circulated, trading volume and price spiked sharply on Dexscreener charts. Retail traders reacting to what appeared to be an endorsement from a top Binance executive began buying the token.
The attackers then started selling their position as fresh liquidity arrived. This followed a familiar pattern of buying early, creating artificial demand through a compromised high-profile account, and selling into the surge.
Attacker Profits From Market Manipulation
According to Lookonchain’s analysis, the attacker sold 11.95 million MUBARA tokens for 43,520 USDT. The hacker still holds another 9.21 million tokens worth roughly $31,000.
Current estimates put the profit NEAR $55,000 with remaining inventory yet to be sold. The remaining holdings give the attacker additional room to sell if trading activity continues.
Late traders who bought based on the apparent endorsement were left exposed as the price reversed almost immediately. The selling began once enough liquidity entered the market.
Binance has not issued a separate statement beyond the warnings from Zhao and Yi He. The incident highlights security vulnerabilities in Web2 social media platforms that can be exploited for financial gain in crypto markets.
