Hackers hijack Yi He’s WeChat account to promote Mubarakah memecoin


Binance founder Changpeng Zhao said late Tuesday that the WeChat account of the exchange’s co-CEO Yi He was breached and used to promote the memecoin Mubarakah in a pump-and-dump operation that briefly sent the asset surging by over 927% within 7 hours.

According to Zhao, hackers took control of Yi He’s WeChat account and circulated promotional messages endorsing the token, prompting unsuspecting users to buy it. The former Binance head has asked the public to ignore the posts and treat the messages as fraudulent.

“Someone hacked Yi He’s WeChat account. Do not buy meme coins from the hackers posts,” Zhao wrote on social platform X.

Attacker created two wallets, walked away with $55K profit

Per blockchain records shared by Lookonchain, the perpetrator created two new wallets about 5 hours after the breach and began buying large quantities of the memecoin using funds supplied through stablecoin Tether (USDT). 

Someone hacked @heyibinance's WeChat account, and posted about $Mubarakah, sending the token's price soaring. @cz_binance

The hacker created 2 new wallets(0x6739 and 0xD0B8) ~7 hours ago and spent 19,479 $USDT to buy 21.16M $Mubarakah.

After the pump, the hacker has already… pic.twitter.com/39ncDQjgSe

— Lookonchain (@lookonchain) December 10, 2025

The purchases put upward pressure on the token’s price, allowing the attackers to unload part of their holdings at a significant gain before interest cooled. Lookonchain disclosed that the hacker bought more than 21 million units of the token for $19.7K in USDT. When the price peaked at around 1 AM UTC on Wednesday, they sold nearly 12 million Mubarakah for about $43,500.

The wallets retained more than 9 million tokens valued at roughly $31,000 at the time of the transactions, while the combined haul placed the attacker’s profit near $55,000. Zhao posted a warning on X, saying, “Web2 social media security is not that strong. Stay safu!”

Yi He told reporters she no longer uses WeChat and that the phone number linked to the account was taken over, so recovery was impossible. 

The Mubarakah token was launched on March 18 on the BNB Chain and entered the market at a price of $0.00007767, according to CoinMarketCap. It reached its all-time high of $0.02604 on its debut day before dropping below $0.02 in April.

At the time of this reporting, the token is 88% down from its ATH, but is still 3,600% above its lowest level and 168% above its 24-hour low, trading at $0.002818.

Binance-related hacks in Q4 2025

This month’s breach of a Binance-affiliated social media account is the second compromise connected to the exchange this quarter. Cryptopolitan reported in October that the official X account for BNB Chain was hijacked and used to spread a phishing link promising rewards payable in the network’s native asset, BNB. “Please do not click on any links recently posted from this account,” Zhao told users at the time.

The fraudulent post urged users to vote on an invented “upcoming rewards distribution” event, claiming that participants who acted within the first 24 hours would receive benefits. It was later debunked as a phishing scheme.

An investigation revealed that the attackers deployed a single phishing contract and spread ten malicious links to several chains. Losses reached about $8,000, with one victim accounting for the majority after losing $6,500. 

SimpleX Chat hacked to promote crypto, says no token launches underway

On the same day that Yi He’s WeChat account was used to pump and dump Mubarakah, privacy-based messenger SimpleX Chat confirmed that its official X account was compromised to impersonate its interface and collect user wallet data.

SimpleX said hackers used the “delegate” feature on X to gain posting rights through an unauthorized third-party profile, then published a message promoting a program named “Perpetuals Early Access,” directing users to a phishing domain.

The post promised users a chance to “become a founding user of the perpetual communication network” and advertised “Security & Ownership That Never Expires.” The fraudulent message included a “Connect Wallet” button to trick users into granting permissions that would allow attackers to access their assets.

Founder Evgeny Poberezkin said the team temporarily lost access to two-factor authentication, blocking their attempts to log in or remove the post. Poberezkin admitted his personal account was also blocked by the attackers to prevent him from warning the public, although the company eventually restored control with help from the platform’s support team. 
