The breach set off a brief mania across crypto-active circles on WeChat, sending the token soaring nearly 900% before collapsing hours later.
A dormant WeChat account belonging to Binance co-CEO Yi He was hijacked on Dec. 9, enabling attackers to run a fast, targeted pump-and-dump scheme involving the memecoin MUBARA (also known as Mubarakah).
The incident marks the second Binance-related social-platform compromise this quarter and highlights how security weaknesses in aging Web2 platforms continue to spill into on-chain markets.
How the scam was set up
Yi He, who recently joined Richard Teng as Binance’s co-CEO, confirmed her old WeChat account was overtaken after attackers accessed the phone number linked to it. The account was long abandoned and impossible to recover.
Once inside, the hackers began posting bullish claims about MUBARA, painting it as a high-upside opportunity. Because many of Yi He’s legacy contacts are active in China-based crypto trading groups, the posts triggered immediate speculation and rapid inflows.
According to on-chain traces from Lookonchain, the attacker created two new wallets approximately five to seven hours before the scam posts went live. Those wallets quietly accumulated 21.16 million MUBARA for 19,479 USDT.
Minutes after the fraudulent messages began circulating, MUBARA spiked from $0.001 to roughly $0.008, briefly pushing the market value to around $8 million on BNB Chain DEXs.
Liquidity surged — and the attackers began exiting.
By the following morning, the wallets had sold 11.95 million tokens for 43,520 USDT, leaving 9.21 million tokensworth about $31,000. The realized profit sits near $55,000, with additional upside possible depending on the value of the unsold tokens.
Several KOLs on X flagged suspicious addresses that appeared to front-run the pump before the WeChat posts were public, suggesting that some traders had advance knowledge of the scheme.
Someone hacked @heyibinance's WeChat account, and posted about $Mubarakah, sending the token's price soaring. @cz_binance
— Lookonchain (@lookonchain) December 10, 2025
The hacker created 2 new wallets(0x6739 and 0xD0B8) ~7 hours ago and spent 19,479 $USDT to buy 21.16M $Mubarakah.
After the pump, the hacker has already… pic.twitter.com/39ncDQjgSe
CZ and Yi He respond
Binance founder Changpeng Zhao quickly issued a warning on X:
“Someone hacked Yi He’s WeChat account. Do not buy meme coins from the hackers posts.”
He reiterated the longstanding view that traditional social platforms are not built to withstand modern attack methods:
“Web2 social media security is not that strong. Stay safu!”
Yi He echoed the warning, confirming that the account had been inactive and unrecoverable. She urged users to disregard any token promotions connected to it, noting the breach underscores a rising pattern of attackers exploiting social networks embedded in crypto-trading communities, especially those still heavily used in mainland China.
Mubarakah’s recent market context
Launched on March 18 on the BNB Chain, Mubarakah entered the market at $0.00007767, with its all-time high set on debut day at $0.02604. The token later retraced below $0.02 in April and has broadly tracked volatile memecoin cycles since.
As of this reporting, MUBARA trades near $0.002818, down 88% from its ATH but still 3,600% above its historical low and 168% above its 24-hour bottom.
The hacking-fueled price whiplash adds yet another layer to its turbulent trading history.
Second Binance-Linked social account breach this quarter
The breach of Yi He’s WeChat account is the second high-visibility incident tied to Binance-affiliated channels in Q4 2025. In October, the official X account for BNB Chain was hijacked and used to promote a fake rewards campaign involving a phishing link.
At the time, Zhao warned users:
“Please do not click on any links recently posted from this account.”
Attackers deployed a phishing contract and spread ten malicious links across multiple chains. Losses totaled around $8,000, with one victim alone losing $6,500.
The pattern suggests attackers are increasingly exploiting platforms connected to Binance’s ecosystem to add a veneer of credibility to rapid-execution scams.
SimpleX chat also compromised on the same day
In a separate but similarly timed incident, the privacy-focused messenger SimpleX Chat reported that its official X account was compromised to impersonate its onboarding flow and steal user wallet data.
Hackers exploited X’s “delegate” feature to obtain posting rights through a rogue third-party account, then published a fake “Perpetuals Early Access” program directing users to a phishing domain with a “Connect Wallet” button.
SimpleX founder Evgeny Poberezkin said attackers blocked his personal account to prevent him from issuing warnings. The team eventually regained access with platform support.
Oleksii Shumak
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
