Binance co-CEO Yi He became the latest victim of a sophisticated social media hack when cybercriminals took control of her WeChat account on December 9, 2025.

The attackers used her compromised profile to promote a meme token called MUBARA, making approximately $55,000 through a pump-and-dump scheme.

The hack occurred just days after Yi He was promoted to co-CEO alongside Richard Teng during Binance Blockchain Week in Dubai. This timing gave the fraudulent posts extra credibility among crypto traders who trusted her apparent endorsement.

How the Attack Worked

The hackers gained access through an old phone number that was previously linked to Yi He’s WeChat account. In China, telecom companies typically reassign unused phone numbers to new customers after just three months. This practice created a security gap that the attackers exploited.

“WeChat was abandoned long ago, and the phone number was seized for use. It cannot be recovered at present,” Yi He explained in a translated post on X (formerly Twitter).

Blockchain analytics firm Lookonchain tracked the scammers’ activities in real time. The attackers created two new cryptocurrency wallets and spent 19,479 USDT to buy 21.16 million MUBARA tokens before posting the fake endorsements. Once Yi He’s followers started buying the token, its price spiked significantly and the market value reached $8 million.

Source: @heyibinance

The scammers then quickly sold 11.95 million tokens for 43,520 USDT while keeping 9.21 million tokens worth about $31,000. Their total profit reached approximately $55,000, according to Lookonchain’s analysis.

Growing Pattern of Crypto Executive Attacks

This incident follows a troubling trend of hackers targeting prominent cryptocurrency figures through traditional social media platforms. On November 30, Tron founder Justin Sun’s WeChat account was compromised using similar tactics.

Security experts note that these attacks specifically target “Web3 big shots” because their endorsements carry significant weight in crypto communities. A single post from a respected executive can drive millions of dollars in trading volume within minutes.

Changpeng Zhao, Binance’s founder, quickly warned users about the hack. “Do not buy meme coins from the hackers posts. Web 2 social media security is not that strong. Stay safu!” he posted on X.

Technical Vulnerabilities in WeChat Security

SlowMist founder Yu Xuan, a leading blockchain security expert, explained how these WeChat takeovers happen. According to his research, attackers only need to contact two “frequent contacts” on the target’s friend list to gain account access. These contacts might be people who were never directly messaged but were simply added as friends or met briefly in group chats.

“The barrier to attacks can be surprisingly low,” Yu Xuan noted in his security analysis. He warned that high-profile crypto users who discuss trading or wallet management on WeChat face especially high risks.

The vulnerability is particularly serious in China, where WeChat serves as both a messaging app and payment platform with over 1 billion users. Many cryptocurrency traders in Asia use WeChat groups to share investment tips and coordinate trades, making fake endorsements especially dangerous.

Broader Security Risks for Crypto Industry

This hack highlights ongoing security challenges facing the cryptocurrency industry. While blockchain technology itself remains highly secure, traditional social media platforms create new attack vectors for cybercriminals.

The incident also occurred during other security challenges for Binance-related platforms. On October 1, hackers compromised BNB Chain’s official X account and posted phishing links that resulted in $8,000 in user losses.

These attacks work because they exploit trust rather than technical vulnerabilities. When followers see posts from accounts they recognize, they often act quickly without verifying the information through other sources.

Recovery and Prevention Measures

Binance worked with WeChat’s security team to restore Yi He’s account access. The company confirmed that the hack did not affect any of Binance’s internal systems or user funds.

Security experts recommend several steps to prevent similar attacks:

• Remove old or unused contacts from social media accounts

• Change passwords regularly, especially for dormant accounts

• Respond immediately to suspicious login alerts

• Avoid linking critical accounts to phone numbers that might be reassigned

For cryptocurrency users, experts stress the importance of verifying investment advice through multiple independent sources before making trading decisions.

The $55,000 Wake-Up Call

The Yi He WeChat hack serves as a stark reminder that Web2 security weaknesses continue to threaten the crypto industry. As digital assets become more mainstream, cybercriminals are finding new ways to exploit the trust that users place in social media platforms and public figures.

The $55,000 profit from this single attack, while relatively small compared to major crypto hacks, demonstrates how quickly criminals can monetize compromised accounts. For the crypto community, this incident underscores the need for better security practices across all platforms, not just blockchain networks themselves.