Binance Co-CEO Yi He’s WeChat Account Hacked for MUBARA Memecoin Scam

TLDR

• Hackers compromised Binance co-CEO Yi He’s WeChat account on Tuesday to promote MUBARA memecoin in a coordinated pump-and-dump operation
• Two wallets bought 21.16 million MUBARA tokens for 19,479 USDT before spreading fake endorsements through the compromised account
• The token’s price and volume surged on decentralized exchanges as retail traders responded to the apparent executive endorsement
• Attackers have sold 11.95 million tokens for 43,520 USDT and hold 9.21 million more worth $31,000, profiting approximately $55,000
• The incident happened days after Yi He’s promotion to co-CEO during Binance Blockchain Week

Binance founder Changpeng Zhao issued a warning on Tuesday after hackers compromised the WeChat account of co-CEO Yi He. The attackers used the account to orchestrate a pump-and-dump scheme involving the MUBARA memecoin.

Zhao posted on X telling users to ignore messages from the hacked account. He noted that Web2 social media security remains weak and advised followers not to purchase memecoins promoted through the compromised posts.

Yi He confirmed she abandoned WeChat years ago. The phone number connected to the account was taken over by the hackers, blocking her ability to recover access.

The security breach occurred less than a week after Binance promoted Yi He to co-CEO. The announcement came during the exchange’s Blockchain Week event, where co-founder Richard Teng praised her contributions to the platform.

How the Pump-and-Dump Scheme Unfolded

Blockchain analytics firm Lookonchain tracked the exploit through on-chain data. Two newly created wallets purchased approximately 21.16 million MUBARA tokens using 19,479 USDT.

The buyers used PancakeSwap and other decentralized exchanges to accumulate their position. These purchases happened before the fake endorsements began circulating through WeChat.

MUBARA is a low-profile memecoin trading on decentralized platforms. The token had minimal trading activity before the hacked account started promoting it.

Once the false endorsement spread through WeChat channels, MUBARA’s price and volume jumped sharply. Dexscreener charts showed the sudden spike as retail traders entered the market.

The attackers exploited what appeared to be a legitimate recommendation from a senior Binance executive. Traders rushed to buy the token based on the compromised account’s posts.

Attackers Extract Profits as Price Collapses

The hackers began selling their holdings after new liquidity entered the market. According to Lookonchain, they sold 11.95 million MUBARA tokens for 43,520 USDT.

The wallets still contain 9.21 million tokens valued at roughly $31,000. Total profits stand near $55,000 with additional tokens available to sell.

The scheme followed a standard exploit pattern. Attackers bought early, used the compromised account to generate demand, then sold into the buying pressure.

Late buyers faced immediate losses as the price reversed. The selling started once sufficient liquidity had arrived from retail traders.

Binance has not released an official statement beyond the warnings from Zhao and Yi He. The incident demonstrates ongoing security risks in social media platforms used by crypto industry figures.