Binance founder Changpeng Zhao said the WeChat account of newly appointed co-chief executive He Yi was hacked late Tuesday and used to promote a little-known meme coin, turning the breach into a pump-and-dump scheme that caused the asset to briefly surge on some decentralized exchanges.
Zhao said attackers used compromised accounts to spread memecoin endorsements and urged users to ignore the messages.
“Web2 social media security is not that strong. Stay safe!” he wrote on X: “Don’t buy meme coins from hacker posts.”
loading…
He Yi said that she no longer uses WeChat and the phone number bound to the account was occupied, preventing her from using WeChat again.
The hack occurred less than a week after Binance named He Yi as co-CEO during the company’s Blockchain Week event.
On-chain data shows that the hack quickly transformed from a social engineering vulnerability to a transaction vulnerability.
Analyst account Lookonchain discovered two newly created wallets that had accumulated approximately 21.16 million MUBARA tokens (a little-known memecoin on decentralized exchanges) by spending 19,479 USDT on PancakeSwap and related routes.
As the fake endorsement spread through WeChat channels, trading volume and price surged on Dexscreener charts.
As new liquidity arrives, wallets begin selling positions.
According to Lookonchain, the attacker has sold 11.95 million MUBARA for 43,520 USDT and still holds another 9.21 million tokens worth approximately $31,000. The remaining inventory has not yet been sold, making a profit of nearly $55,000.
The sequence reflects a familiar exploitation pattern of buying early, triggering retail demand through compromised high-profile accounts, and then selling when prices spike. Late traders—seemingly reacting to Binance executives’ endorsement—were exposed to the risk of an almost immediate price reversal after the sell-off began.
Beyond Zhao and He Yi’s warnings, Binance has yet to comment separately.