- Two wallets purchased 21.16 million tokens a few hours before the posts appeared.
- MUBARA briefly jumped from $0.001 to $0.008.
- The attackers realized an estimated profit of $55,000.
An inactive WeChat account linked to Binance co-CEO Yi He was hijacked on December 9, triggering a rapid memecoin surge that surprised traders and temporarily reshaped activity on the BNB Chain.
The compromised account was used to promote a little-known token called MUBARA, drawing traders who assumed the posts came from a credible source.
Within minutes the token’s price spiked and then collapsed, illustrating how outdated social accounts tied to high-profile industry figures can still influence crypto markets.
Hacked WeChat posts spark instant market reaction
The incident began when scammers gained control of Yi He’s old WeChat account, which was associated with an inactive phone number.
Late on December 9, the hijacked account began circulating posts promoting MUBARA, also referred to as Mubarakah, as a token with strong potential.
Because many contacts of the account remain active within China’s crypto circles, the messages spread quickly and triggered a surge in trading activity.
Lookonchain later tracked the on-chain movements related to the scheme, identifying two wallets that bought roughly 21.16 million MUBARA for 19,479 USDT about seven hours before the posts appeared.
Once the messages started circulating, MUBARA leapt from about $0.001 to $0.008 in a matter of minutes.
The token’s temporary market value reached roughly $8 million as traders rushed to decentralized exchanges on the BNB Chain.
Early buyers cash out as traders join the frenzy
As liquidity built up, the two wallets began selling into the rally.
By the morning of December 10, the attackers had sold 11.95 million tokens for 43,520 USDT.
They still held about 9.21 million tokens, valued at roughly $31,000.
Initial estimates put their profit at around $55,000, and the remaining unsold holdings leave room for further gains.
The token price fell by more than 60% once sales began.
Several crypto influencers on X noted wallet activity that suggested some traders might have acted moments before the WeChat posts were published, raising concerns about how much the activity resembled a coordinated pump-and-dump.
Binance leaders warn users after the breach
Binance founder Chang Peng Zhao urged users to ignore any messages from the compromised account and highlighted the persistent weaknesses of Web2 platforms, which offer limited recovery options for older accounts.
Yi He confirmed the breach, stating the account had been abandoned and could not be recovered. She advised users to avoid any token promotions linked to it.
The episode underscores how attackers can exploit legacy communication channels that still hold sway in certain trading communities.
WeChat remains widely used among crypto participants in China, meaning even inactive accounts can act as catalysts for misinformation that moves markets.
Market impact raises broader security concerns
The rapid price swing demonstrated how quickly misinformation can affect micro-cap tokens in an environment where traders respond to signals within seconds.
The rise and collapse of MUBARA highlighted differences in user behavior, platform security, and how decentralized markets react instantly to new information.
For Binance’s global user base, the incident serves as a reminder that reputation-linked accounts, even inactive ones, remain valuable targets for manipulation attempts.
As platforms assess the aftermath, conversations are turning to how the crypto community can better manage vulnerabilities created by older communication tools.