In a stark reminder that the crypto industry’s greatest vulnerabilities may exist off-chain, Binance co-founder and newly appointed co-CEO Yi He became the latest high-profile victim of a social media account takeover. On December 10, 2025, hackers compromised her WeChat account and used it to promote the little-known Mubarakah (MUBARA) memecoin, executing a classic pump-and-dump scheme that netted an estimated $55,000 in profit.
The Anatomy of a Social Engineering Attack
The breach did not require sophisticated blockchain exploits. Instead, attackers exploited a common weakness in Web2 platforms: an abandoned mobile phone number. Yi He confirmed she had stopped using the WeChat account long ago, and the linked phone number was reassigned to someone else, leaving the account vulnerable to takeover. In China, telecom carriers typically recycle and reissue disconnected numbers after just three months, creating a persistent opening for credential stuffing and SIM-swap attacks.
Once in control, the hacker’s playbook was straightforward yet effective. First, they quietly accumulated a large position in MUBARA tokens. Blockchain analytics firm Lookonchain traced the activity to two new wallets that spent 19,479 USDT to buy approximately 21.16 million MUBARA roughly seven hours before the promotional posts appeared. Then, using the hijacked account, the attacker broadcast promotional content, creating the illusion of an enthusiastic endorsement from a top Binance executive.
Market Manipulation and the Illusion of Endorsement
The fake endorsement triggered a predictable frenzy. Traders, acting on the perceived authority of the post, rushed to buy the token, causing its price to skyrocket. Reports indicate the memecoin’s price surged by nearly 200%, peaking at around $0.008 and briefly pushing its market capitalization over $8 million. This manufactured hype created the “pump”. As liquidity flooded in, the attacker executed the “dump”, selling 11.95 million of their pre-purchased tokens for 43,520 USDT. The scheme left the hacker with a profit of roughly $55,000 and remaining tokens worth about $31,000, while late-coming buyers were left holding an asset whose value rapidly collapsed.
Leadership Response and a Recurring Security Threat
Binance leadership moved quickly to warn the community. Founder Changpeng “CZ” Zhao publicly stated the account was compromised and urged users to ignore the promotional messages, adding a pointed critique: “Web2 social media security is not that strong. Stay safu!”. Yi He herself clarified the situation on X, explaining the account was abandoned and currently unrecoverable.
This incident is not isolated but part of a worrying trend where crypto executives are specifically targeted. Just days earlier, in late November 2025, Tron founder Justin Sun’s WeChat account was similarly hacked to promote a memecoin. Furthermore, in October, the official X account for BNB Chain was compromised in a phishing scheme. Security experts note these attacks have a low barrier to entry; one analysis suggested an attacker with leaked credentials might only need to contact two of the account’s “frequent contacts” to gain control.
A Call for Vigilance in a Connected Ecosystem
The Mubarakah scam underscores a critical lesson for the crypto ecosystem: the security of on-chain assets is inextricably linked to the security of off-chain social identities. For investors, it is a powerful reminder to exercise extreme skepticism towards unsolicited investment promotions, even when they appear to come from trusted figures. For industry leaders and platforms, it highlights the urgent need for robust, multi-factor authentication and proactive management of digital footprints. As the battle for security intensifies, this event proves that hackers are increasingly shifting the battlefield from the blockchain to the messaging apps and social networks where trust is built and community sentiment is formed.
