Quick Breakdown
- Binance co-founder Yi He’s verified WeChat account was hijacked to shill a low‑cap meme coin to her large Chinese‑speaking audience.
- Binance quickly warned users that the promotion was unauthorized, flagged potential market manipulation, and began cooperating with affected communities.
- The incident highlights how hijacked influencer accounts can be weaponized to pump risky tokens and reinforces calls for stronger security and user education in crypto.
Yi He’s WeChat hacked, meme coin promotion sparks alarm
Binance co-founder and co-CEO Yi He reported that her verified WeChat account was compromised and used to promote a meme coin called Mubara to thousands of followers in China’s tightly controlled social media ecosystem. The attackers allegedly used her profile to imply a privileged relationship with the project, creating the impression of an insider endorsement that could drive speculative buying.
Binance later clarified that the messages were not authorized and that Yi He has no connection to the Mubara team or its token economics. The exchange said it is working to understand how the compromise occurred. It reminded users that it does not list or endorse every coin mentioned by its executives, especially on third‑party platforms.
Someone hacked @heyibinance‘s WeChat account, and posted about $Mubarakah, sending the token’s price soaring. @cz_binance
The hacker created 2 new wallets(0x6739 and 0xD0B8) ~7 hours ago and spent 19,479 $USDT to buy 21.16M $Mubarakah.
After the pump, the hacker has already… pic.twitter.com/39ncDQjgSe
— Lookonchain (@lookonchain) December 10, 2025
Binance frames incident as market manipulation risk, urges caution
In internal communications and community channels, Binance characterized the attack as an attempt at market manipulation, leveraging a trusted executive’s reputation to pump an illiquid token. The incident resembles past cases where hacked X or Telegram accounts were used to push malicious links, phishing pages, or thinly traded coins that crash once insiders or exploiters exit.
Binance stressed that users should cross‑check any investment call or listing claim against official Binance announcements, not personal or semi‑private social accounts, especially when it involves newly launched meme coins. The company also highlighted that speculative assets with no clear fundamentals remain highly vulnerable to coordinated pump‑and‑dump activity across Asian messaging platforms.
The persistent and diverse threat to crypto security
The recent hijacking of a Binance executive’s social media account to promote a meme coin highlights an ongoing security weakness in the crypto space, one that echoes incidents like the $37 million hack of the Upbit exchange. In Upbit’s case, attackers made off with Solana-based tokens, forcing the exchange to temporarily shut down services and promise full reimbursement to affected users from its own reserves.
Taken together, these events show how vulnerable the ecosystem still is, whether through social media takeovers used to manipulate markets or direct attacks on hot wallets. They underline the need for stronger security practices, better user education around scams and manipulation, and well-capitalized exchanges that can step in when things go wrong.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
