On 9 de dic. de 2025, Binance co‑founder Yi He’s old WeChat account was compromised and used to promote the Mubarakah (MUBARA) memecoin, triggering a rapid pump-and-dump that left retail investors exposed. The breach exploited a recycled phone number and demonstrates how Web2 account vulnerabilities can be weaponized to manipulate low‑liquidity tokens.
How the breach was executed
The attacker gained access by taking control of an abandoned mobile number still linked to Yi He’s WeChat profile, allowing account recovery and unauthorized posting. Pump-and-dump is a market manipulation in which coordinated hype artificially inflates an asset’s price and the promoters then sell into that buying pressure, and once the account was hijacked, the perpetrator used its perceived credibility to disseminate promotional messages that drove buying interest.
Market impact and wider security implications
On-chain tracing identified two wallets used in the operation: 0x6739 and 0xD0B8, which were seeded with about 19.479 USDT, according to analysis by Lookonchain. Mubarakah’s quoted price, which had been around $0,001, spiked between 200% and 900% during the coordinated push, and at the top of the artificial rally, the attackers liquidated positions and realized proceeds of roughly $55.000.
The token remains listed and trading across several venues cited in the tracing, including Binance, CoinGecko, CoinMarketCap, MEXC y BYDFi. Former Binance CEO Changpeng Zhao issued public warnings urging users to ignore the fraudulent promotions, and Yi He later regained control of the compromised account.
The incident underlines two structural risks: the fragility of Web2 account recovery mechanisms such as recycled phone numbers, and the susceptibility of meme coins—characterized by low market cap and community‑driven hype—to rapid manipulation. Crypto‑crime totals referenced in related reporting note that over $2,17 billion had been stolen by mid‑2025, with emerging threats including AI‑driven scams and sophisticated wallet‑draining techniques, reinforcing calls for improved digital hygiene and stronger identity controls.
