Yi He WeChat Breach Triggers MUBARA Pump, Markets Rally

A dormant social profile linked to Binance leadership was hijacked overnight, with the co-CEO Yi-He Wechat breach quickly spilling into the MUBARA memecoin market.

Old WeChat account hijacked to shill MUBARA

Binance co-CEO Yi He, recently appointed to serve alongside Richard Teng, saw an old WeChat account tied to a previous phone number compromised late on Dec. 9, 2025. The profile was no longer in active use, yet the attackers used it to post enthusiastic promotions of the MUBARA token, also called Mubarakah.

Because many of Yi He’s contacts operate in crypto-focused circles, the posts rapidly drew attention. Moreover, the social proof of an apparent endorsement from a senior Binance executive prompted traders to rush into the token without proper due diligence.

The hacked account framed MUBARA as a high-upside opportunity. That said, the messaging came from a profile that Yi He later described as abandoned and unrecoverable, underscoring the risk of any wechat account compromise tied to major industry figures.

Coordinated buying and rapid price surge

On-chain analytics service Lookonchain traced the scheme to two freshly created wallets, identified as 0x6739 and 0xD0B8. Roughly seven hours before the scam posts went live, these addresses quietly accumulated about 21.16 million MUBARA for exactly 19,479 USDT.

Once the WeChat messages began circulating, the token’s price spiked sharply. Within minutes, MUBARA jumped from around $0.001 to roughly $0.008, pushing its market capitalization to about $8 million. In parallel, trading volumes surged on BNB Chain decentralized exchanges, with liquidity flocking into the pairs linked to the promoted memecoin.

This pattern of pre-announcement accumulation followed by a fast price move is a textbook example of how onchain trading activity can be orchestrated around compromised social-media channels. However, it also shows how quickly retail traders can be drawn into thinly traded assets by perceived endorsements.

Profit-taking and sharp reversal

As fresh liquidity entered the market, the two wallets began unloading their holdings. By the morning of Dec. 10, blockchain data showed that the attackers had sold about 11.95 million MUBARA, receiving approximately 43,520 USDT in return.

The remaining balance stood at 9.21 million tokens, valued near $31,000 at prevailing prices. Moreover, estimates place realized profits from the maneuver at roughly $55,000, a figure that could rise if the remaining tokens are successfully sold into any residual demand.

After the main rounds of selling began, the token’s price collapsed. The memecoin fell more than 60% from its peak, leaving late buyers holding significant paper losses. Several KOLs on X highlighted wallet patterns that suggest some front running traders may also have positioned ahead of the public posts, amplifying the eventual volatility.

Warnings from CZ and Binance leadership

Binance founder Chang Peng Zhao (CZ) publicly urged users to ignore any promotional messages originating from Yi He’s compromised profile. He also used the episode to criticize the weaker security practices still common on major web2 platforms, which can be exploited to engineer market-moving narratives.

Yi He confirmed the breach and clarified that the affected account was tied to an old phone number and had effectively been abandoned. However, she emphasized that it could no longer be recovered or verified, and she asked followers to avoid any token pitches, including the Mubarakah memecoin scam, that appeared to come from that channel.

The incident around yi he wechat shows how a single compromised social profile can ripple across digital-asset markets. In particular, it highlights the vulnerability of communities on platforms like WeChat, which still play a central role in China’s trading networks and can quickly funnel capital toward opportunistic schemes.

Broader implications for crypto security

This case adds to a growing list of crypto influencer hack incidents where hijacked accounts are weaponized to drive low-liquidity tokens higher. Moreover, the speed of the price move and subsequent unwind underscores the need for better verification around endorsements and announcements that circulate on closed social apps.

For traders, the episode serves as a reminder to cross-check any investment pitch, even when it appears to involve high-profile names such as Binance executives. Ultimately, stronger account protections and user skepticism will be essential to limit the damage from similar attacks that aim to exploit trust and fuel fast, speculative pumps.

In summary, the exploitation of an old WeChat profile, coordinated pre-buying, and rapid profit-taking around MUBARA illustrate how social engineering and on-chain tactics can intersect to move markets and expose unsuspecting traders to sharp losses.