On-chain analysis reveals the hacker used the account to fuel a pump-and-dump, hyping a barely known token called MUBARA.
Binance founder Changpeng Zhao has alerted users that the WeChat account of the exchange’s newly appointed co-CEO, Yi He, was hacked and misused to promote a meme coin.
Zhao warned that attackers were using her compromised account to push meme coin promotions and urged the community to ignore anything coming from it.
“Web2 social media security is not that strong. Stay safu!” he wrote, adding, “I hope the next one isn’t my account. I haven’t used WeChat for many years. I also won’t directly promote any meme CA. Please everyone stay safe.”
Yi He also confirmed the breach, explaining that she hasn’t used WeChat for a long time and that the phone number connected to the account was taken over, leaving her unable to recover access.
Leadership Change Overshadowed by Meme Coin Scam
The hack comes just a week after Binance officially promoted Yi He to co-CEO during Binance Blockchain Week.
Co-founder Richard Teng called her a “driving force since day one,” crediting her with helping define Binance’s culture, long-term vision, and user-first approach. He said the move reflects the company’s evolving leadership as it continues pushing toward its goal of one billion users.
But the milestone has now been clouded by the meme coin exploit.
Hacker Turned the Breach into a Pump-and-Dump Scheme
On-chain data shows the attacker wasted no time turning the hack into a trading scheme. Blockchain analytics account Lookonchain described the incident as a textbook pump-and-dump using an obscure token called Mubarakah (MUBARA), which trades on decentralized exchanges.
By posing as Yi He, the attacker created the illusion of a real endorsement and used that to trigger FOMO around the little-known token.
Fake Promotion Sends MUBARA Price and Volume Soaring
According to Lookonchain, two brand-new wallets—created only hours beforehand—began buying up MUBARA on PancakeSwap and other DEXs, spending 19,479 USDT to accumulate about 21.16 million tokens.
When the fake WeChat promo started spreading, traders rushed in, sending MUBARA’s price and trading volume sharply higher on Dexscreener.
Attacker Cashes Out Into the Hype
Once enough liquidity flowed in, the attacker began selling.
Lookonchain estimates the hacker has already dumped 11.95 million MUBARA for 43,520 USDT and still holds 9.21 million tokens worth roughly $31,000.
That puts the attacker’s profit near $55,000, with plenty of tokens left to sell if trading volume stays high.
In short, the hacker bought early, used Yi He’s compromised account to lure in retail buyers, then sold into the surge—leaving latecomers holding the risk of a sharp price drop.
