Imagine waking up to dozens of messages from one of the most powerful women in crypto telling you to buy an obscure memecoin right now. Sounds like the chance of a lifetime, right? Except it wasn’t her. It was a hacker who had just taken over Binance co-CEO Yi He’s old WeChat account.
That’s exactly what happened on December 9th. Within minutes a token called MUBARA (or “Mubarakah”) shot up almost 800%, hit an $8 million market cap, and then came crashing down once the scammers started dumping. Classic pump-and-dump, but executed with terrifying precision thanks to a compromised account belonging to someone literally at the top of the industry.
Another Day, Another High-Profile Crypto Hack
I’ve been covering crypto long enough to know these stories never really go away; they just get more sophisticated. What makes this one sting is how simple the entry point was: an old phone number linked to a WeChat account Yi He hadn’t touched in years.
No fancy zero-day exploit. No leaked seed phrase. Just good old social engineering or SIM-swap (we don’t know the exact vector yet), and suddenly the attackers had access to a contact list full of Chinese crypto whales, VCs, traders, and journalists.
How the Scam Played Out Minute by Minute
On-chain detectives from Lookonchain pieced it together almost in real time. Roughly seven hours before any message went out, two brand-new wallets scooped up 21.16 million MUBARA tokens for about 19,479 USDT. That’s the kind of timing that screams insider knowledge or direct control of the account.
Then, late on the 9th, the messages started flying. Posts claimed MUBARA was “the next big thing,” some even written in Yi He’s typical style to make them feel authentic. Because WeChat is still the lifeblood of Chinese crypto networking in China, the FOMO spread like wildfire.
Price went from roughly $0.001 to $0.008 in minutes. Trading volume exploded on BNB Chain DEXs. Retail piled in thinking they were front-running Binance itself.
And then, predictably, the sell-off began.
The Numbers Are Brutal
By the morning of December 10th the attackers had already dumped 11.95 million tokens for 43,520 USDT. They still hold around 9.21 million tokens currently worth roughly $31,000 (depending on the minute you check). Total realized + unrealized profit? Easily north of $55,000 and possibly climbing.
Everyone who bought the top is now sitting on 60-70% losses. Another day in memecoin land.
- Cost basis for scammers: ~$19.5k
- Peak valuation of their bags: ~$170k
- Realized profit so far: ~$43.5k
- Current unrealized: ~$31k
- Time from first buy to first sell: under 10 hours
That’s an insane ROI for what was essentially a SIM-swap or recycled phone number attack.
CZ and Yi He’s Immediate Reaction
Changpeng Zhao (CZ) was one of the first to sound the alarm on X:
“Someone hacked @heyibinance’s WeChat account… Please ignore any investment advice from there.”
Yi He herself posted that the account was tied to an ancient phone number she no longer controlled and that recovery wasn’t possible. She urged everyone to ignore any token promotions coming from it.
In a way this incident became a painful reminder from two of crypto’s most prominent figures: even the people running the biggest exchange aren’t immune when they let old accounts linger.
Why WeChat Remains the Soft Underbelly of Chinese Crypto
Despite the bans, WeChat never stopped being the central nervous system of Chinese crypto trading. OTC desks, mining pool operators, project founders, journalists; literally everyone is in the same giant chat groups.
That network effect makes a compromised high-profile account devastating. One message from the right person can move millions in minutes, and because WeChat’s security features haven’t evolved much since 2017, taking over dormant accounts tied to recycled numbers is still painfully easy.
I’ve lost count of how many “KOL hacks” we’ve seen on WeChat over the years, but each one seems to get more profitable for the attackers.
The Bigger Pattern Nobody Wants to Talk About
Let’s be honest: this isn’t an isolated incident. It’s the natural endpoint of a memecoin meta where:
- Launching a token costs almost nothing
- Liquidity is razor thin
- FOMO overrides all due diligence
- Celebrity or KOL “endorsement” (real or fake) is enough to 100x a coin
Scammers no longer need to build fake websites or run phishing pages. They just need one good account and a freshly deployed contract. The community does the marketing for them.
And until we stop treating every “CZ liked my tweet” or “Elon tweeted a dog” as a buy signal, these attacks will keep working.
How to Actually Protect Yourself in 2025
Look, I get it — nobody wants to hear “do your own research” for the ten-thousandth time. But here are the rules I personally live by after watching these scams for years:
- If someone messages you privately telling you to buy something right now, it’s a scam 99.9% of the time.
- Never buy a token within the first hour of a “celebrity” mentioning it. Wait at least 24h and watch the wallets.
- Use on-chain tools religiously. If new wallets bought hours before the pump, run.
- Turn on WeChat’s “login protection” and bind it only to devices you control.
- Delete or fully secure any account tied to an old phone number. Seriously, just do it today.
Because the next hack won’t be Yi He. It’ll be someone you actually trust.
At the end of the day, incidents like the MUBARA scam aren’t just embarrassing for the victims — they’re a tax on the entire industry. Every time retail gets rinsed because of a hacked KOL account, trust erodes a little more.
We can build the most secure blockchains in history, but if the human layer — the WhatsApps, Telegrams, and WeChats where deals actually happen — remains 2015-era security, none of it matters.
Stay sharp out there.
