TLDR
- Binance co-CEO Yi He’s WeChat account was hacked Tuesday and used to promote MUBARA memecoin in a pump-and-dump scam
- Hackers created two wallets and purchased 21.16 million MUBARA tokens for 19,479 USDT before posting fake endorsements
- The token’s price spiked on decentralized exchanges as traders believed they were seeing a legitimate Binance executive recommendation
- The attackers sold 11.95 million tokens for 43,520 USDT and still hold 9.21 million tokens worth around $31,000
- Yi He said the phone number linked to her old WeChat account was hijacked, preventing her from recovering it
Binance founder Changpeng Zhao warned users Tuesday that hackers gained control of co-CEO Yi He’s WeChat account. The attackers used the compromised account to run a pump-and-dump scheme centered on MUBARA memecoin.
Zhao posted on X urging people to ignore any messages from the hacked account. He emphasized that Web2 social media platforms have weak security and told users to avoid buying memecoins promoted in the fraudulent posts.
Yi He stated she stopped using WeChat several years ago. Hackers took control of the phone number associated with the account, which prevented her from regaining access.
The hack came less than one week after Binance elevated Yi He to co-CEO. The promotion was announced at the exchange’s recent Blockchain Week event.
Coordinated Token Purchases Before Fake Promotion
On-chain analysis from Lookonchain revealed how the scheme operated. Two newly created wallets bought approximately 21.16 million MUBARA tokens using 19,479 USDT.
The purchases occurred through PancakeSwap and similar decentralized exchange platforms. The hackers completed these transactions before beginning their promotional campaign through the compromised WeChat account.
MUBARA is a memecoin with limited trading history on decentralized exchanges. The token had almost no activity before the hacked account started promoting it to Yi He’s contacts.
After the fake endorsement spread through WeChat, MUBARA’s trading volume and price jumped sharply. Charts on Dexscreener showed the rapid increase as retail investors entered the market.
Traders responded to what looked like a recommendation from a top Binance executive. The compromised account’s posts created artificial demand for the low-volume token.
Profits Extracted as Retail Traders Buy In
The hackers started selling their position once new buyers provided liquidity. Lookonchain data shows they sold 11.95 million MUBARA tokens for 43,520 USDT.
The two wallets still contain 9.21 million tokens worth approximately $31,000. Current profit estimates place the total near $55,000 with additional tokens remaining unsold.
The operation followed a classic pump-and-dump structure. Attackers accumulated tokens cheaply, used the hacked high-profile account to drive buying interest, then dumped their holdings into the surge.
Retail traders who bought based on the fake endorsement faced immediate losses. The price reversed quickly once the attackers began their selling campaign.
Binance has not issued a formal statement beyond warnings from Zhao and Yi He. The incident highlights vulnerability in social media accounts controlled by crypto executives.
The hack demonstrates how compromised social media accounts can be weaponized for market manipulation. Traders acting on information from supposedly trusted sources become exit liquidity for coordinated schemes.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
