Binance founder Changpeng Zhao said newly appointed co-CEO Yi He’s WeChat account was hacked on Tuesday night and used to promote a little-known memecoin, turning the breach into a pump-and-dump scheme that briefly sent the asset surging on some decentralized exchanges.
Zhao said the attackers used the compromised account to circulate endorsements of memecoin and urged users to ignore the messages.
“Web2 social media security is not that strong. Stay safe!” wrote on X. “Don’t buy meme coins from hackers’ posts.”
Charging…
Yi He said he no longer uses WeChat and that the phone number linked to the account was taken, preventing him from regaining access.
The hack comes less than a week after Binance promoted Yi He to co-CEO during the company’s Blockchain Week event.
On-chain data shows that the hack quickly moved from a social engineering breach to a commercial exploitation.
Analytics account Lookonchain identified two newly created wallets that accumulated approximately 21.16 million MUBARA tokens (a little-known memecoin on decentralized exchanges) by spending 19,479 USDT on PancakeSwap and related routes.
As the fake endorsement spread through WeChat channels, trading volume and price increased dramatically on Dexscreener charts.
Wallets then began unloading the position as new liquidity arrived.
According to Lookonchain, the attacker has already sold 11.95 million MUBARA for 43,520 USDT and still holds another 9.21 million tokens worth approximately $31,000, leaving profits close to $55,000 with remaining inventory yet to be sold.
The sequence reflects a familiar exploitative pattern of buying early, triggering retail demand through a high-profile compromised account, and selling on the rise. Late traders, who reacted to what appeared to be an endorsement from a senior Binance executive, were left exposed as the price reversed almost immediately once the selling began.
Binance has not issued any separate comment beyond Zhao and Yi He’s warnings.
