Getting a message from a top crypto executive tipping a hot new token sounds like a dream come true—until it’s a hacker tricking you into a quick-loss nightmare. That’s exactly what unfolded when Binance co-CEO Yi He’s dormant WeChat account was taken over on December 9, 2025, sparking a rapid meme coin frenzy that left late buyers reeling.
How the Hack Happened and Who It Targeted
Yi He, a Binance co-founder recently promoted to co-CEO alongside Richard Teng, hadn’t used her personal WeChat for years. The attackers exploited an old phone number linked to the account that had been reassigned, allowing them to bypass security and gain control.
Once inside, they posted promotions for a low-profile BNB Chain meme coin called Mubarakah (MUBARA), making it look like an insider endorsement from one of crypto’s most influential figures. Many in China’s active trading communities, where WeChat remains hugely popular, jumped in—only to watch the price collapse soon after.
The Classic Pump-and-Dump Playbook in Action
This wasn’t random—the hackers planned ahead. On-chain trackers like Lookonchain spotted two fresh wallets snapping up over 21 million MUBARA tokens for about $19,500 in USDT hours before the fake posts went live.
As word spread through WeChat contacts and groups, the token’s price rocketed up to 800% in minutes on decentralized exchanges. The scammers then dumped their holdings, pocketing around $55,000 in profits while the value crashed, leaving everyday traders with heavy losses.
CoinDesk and The Block reports describe this as a textbook pump-and-dump, amplified by the perceived credibility of a Binance executive’s account.
Quick Warnings and a Rare Response from Yi He
Binance founder Changpeng Zhao (CZ) was first to sound the alarm on X, posting: “Someone hacked @heyibinance’s WeChat account. Do not buy meme coins from the hackers posts. Web 2 social media security is not that strong. Stay safu!”
Yi He followed up, confirming the breach and noting the account’s recovery after working with WeChat’s team. In an unusual move, she later announced personal compensation via BNB airdrops for affected users who traded the token on Binance platforms—a step beyond typical “buyer beware” advice in crypto.
Red Flags to Watch For in Similar Scams
- Unsolicited tips from high-profile accounts pushing obscure tokens.
- Urgency or “limited time” language creating FOMO (fear of missing out).
- Promotions on older or less-active social channels.
- No official confirmation from verified exchange announcements.
Why These Hacks Keep Happening and How to Stay Safe
WeChat’s reliance on phone numbers for verification creates gaps when numbers get recycled, a issue highlighted in CryptoPotato and Cointelegraph coverage. This incident follows similar breaches, like Tron founder Justin Sun’s in November 2025, showing a pattern targeting prominent crypto voices.
For everyday users, the lesson is simple: Never invest based on social media alone. Verify through official channels, use hardware wallets for big holdings, and enable strong two-factor options beyond SMS.
As crypto grows more mainstream, these blend of old-school social hacks and on-chain tricks remind us that vigilance beats regret. Binance stressed no user funds on the exchange were impacted, but personal security remains everyone’s responsibility.
Sources: CoinDesk reporting on the hack (December 10, 2025), The Block and Lookonchain on-chain analysis, CryptoPotato estimates of scammer profits, and statements from CZ and Yi He on X. Stay informed and trade cautiously—the crypto world moves fast, but scams move faster.
