Hacker Exploits Yi He WeChat to Pump Mubarakah Token: Report
- Zhao reports Yi He’s WeChat got hacked and pushed Mubarakah promo posts to users.
- He warns users to ignore the messages and avoid buying tokens from the hijacked feed.
- Lookonchain links wallet trades to a pump-and-dump, with profit near $55,000 total.
Binance founder Changpeng Zhao said late Tuesday that the WeChat account of Binance co-CEO Yi He was hacked and then used to promote the meme coin Mubarakah. Zhao urged users to ignore any posts from the compromised account and treat the messages as fraudulent. He linked the activity to a pump-and-dump effort that targeted buyers who believed the promotion was legitimate.
Zhao posted his alert on the X platform and told the public not to respond to the promotions. “Someone hacked Yi He’s WeChat account,” he wrote. “Do not buy meme coins from the hackers’ posts,” he added.
He also cautioned that social platforms could be weak points, even when crypto systems have stronger defenses. “Web2 social media security is not that strong. Stay safu!” Zhao said.
Wallet Activity Signals Pump-and-Dump Pattern Behind Mubarakah Spike
Lookonchain shared blockchain records that it said tracked the attacker’s moves after the breach. Two new wallets were created about five hours after the compromise, according to the tracker. The wallets then began buying Mubarakah using funds supplied through Tether (USDT). Lookonchain said the purchases added upward pressure to the token’s price and set the conditions for a profit-taking sell-off.
The tracker reported that more than 21 million Mubarakah tokens were purchased for $19.47K in USDT. Lookonchain said the price later peaked around 1 AM UTC on Wednesday. Near that peak, the attacker sold almost 12 million tokens for about $43,520, the post said. After that sale, the wallets still held more than 9 million tokens valued at roughly $31,000 at the time, according to Lookonchain.
Based on the figures it published, Lookonchain placed the attacker’s profit near $55,000. The estimate combined the value of the sold tokens with the remaining holdings at the time of the transactions.
Zhao also described the incident as a planned operation and commented on what he saw as the limited payoff. He wrote that the hacker got $13k and said security teams were still tracking the activity, with a possible link to KYC.
Related: Upbit Suffers $36M Solana Hot Wallet Hack in Major Breach
Similar WeChat Hacks and Other High-Profile Account Takeovers
The WeChat compromise was compared to a prior incident involving TRON founder Justin Sun. Crypto commentator Snowball said Sun’s WeChat was hacked on November 30 and used to post promotions in Moments.
Snowball said Yi He’s case followed the same pattern, with attackers using a trusted account to push meme coins and mislead users. He added that hackers appear to target top Web3 leaders and often rely on access to passwords or SIM card data to take control of accounts.
The broader account also referenced earlier security issues tied to official channels. In October, BNB Chain reported a breach affecting its official account that was later restored after multiple phishing attempts and a malicious contract deployment.
The report said the attack stole $8,000 across all chains, with one user losing $6,500. Another example involved a non-crypto public figure, with the report noting that Canadian rapper Drake’s X account was compromised last year to promote a fraudulent Solana-based meme coin called “ANITA.”
The incident came days after Binance announced leadership changes during Binance Blockchain Week, according to the text provided. Yi He was promoted to co-CEO alongside Richard Teng. Teng praised her role and said she helped shape Binance’s vision, culture, and strategy. Yi He said she was honored to build alongside Teng. She added that their focus is global growth while keeping users safe and supporting a more open financial system.
