The WeChat Hack of Binance CEO Yi He: An Inside Look at the Attack
On December 9, 2025, Yi He, co-CEO of Binance, became a high-profile target in the ongoing battle against cybercrime. Her WeChat account was hacked, leading to a sophisticated scheme that exploited her reputation to promote a meme token named MUBARA. This incident, resulting in a staggering $55,000 for the attackers, reflects both the vulnerability of digital identities and the potential for misuse in the ever-evolving cryptocurrency landscape.
Timing of the Attack: A Strategic Hit
The timing of the hack could not have been more strategic. Just days before, Yi He had been promoted to co-CEO alongside Richard Teng during the prestigious Binance Blockchain Week in Dubai. This elevation in status lent the hackers’ false endorsements additional credibility. Traders, eager for guidance from a respected figure, were more likely to trust the fraudulent posts promoting MUBARA.
The Mechanism Behind the Hack
The exploitation of Yi He’s account was facilitated through a loophole connected to an old phone number previously linked to her WeChat. In a common practice among telecom companies in China, unused phone numbers are reassigned to new customers fairly quickly—often within three months. This created a security vulnerability the attackers seized upon.
In her own words, Yi He explained, “WeChat was abandoned long ago, and the phone number was seized for use. It cannot be recovered at present.” This illustrates the risk of dormant accounts in an era where digital security is paramount.
The Attack Unfolds: Tracking the Scammers
Once inside her account, the hackers acted swiftly. Blockchain analytics firm Lookonchain monitored their activities in real-time. They established two new cryptocurrency wallets and utilized 19,479 USDT to acquire 21.16 million MUBARA tokens. Upon posting fake endorsements from Yi He, the token’s price surged dramatically, driving its market value to an astonishing $8 million.
The scammers capitalized on the momentum, eventually selling 11.95 million tokens for 43,520 USDT, while retaining 9.21 million tokens valued at approximately $31,000. According to Lookonchain’s analysis, their total gain soared to around $55,000.
A Disturbing Trend: Targeting Crypto Executives
This incident highlights a growing trend where hackers specifically target prominent figures within the cryptocurrency realm. Just weeks earlier, on November 30, Justin Sun, the founder of Tron, experienced a similar breach of his WeChat account. Experts agree that such attacks are often predicated on the influence these individuals wield within the crypto community. The endorsement of a known figure can lead to rapid trading spikes, making them attractive targets for cybercriminals.
Changpeng Zhao, the founder of Binance, recognized the severity of the situation and promptly issued a warning to users. He emphasized, “Do not buy meme coins from the hackers’ posts. Web 2 social media security is not that strong. Stay safu!” This advice serves as a reminder of the technological and social vulnerabilities that persist in digital spaces.
The Vulnerability of WeChat
Yu Xuan, founder of SlowMist, a prominent blockchain security firm, provided insight into how these WeChat attacks can occur. He noted that attackers only need to contact two individuals on the target’s friend list to facilitate account access. This low barrier exacerbates the risks for high-profile crypto users who often engage in trading discussions on the platform.
With over 1 billion users in China, WeChat serves not only as a messaging service but also as a payment platform, making the stakes even higher. The interconnectedness of the platform amplifies the danger posed by fraudulent endorsements.
Continuing Security Challenges in the Crypto Space
The Yi He hack accentuates ongoing security concerns within the cryptocurrency industry. While blockchain technology is inherently secure, traditional social media mediums create multiple points of vulnerability that cybercriminals can exploit. Furthermore, this incident coincides with other challenges faced by Binance, notably previous hacks that resulted in user losses.
Such breaches often capitalize on the trust placed in notable figures, leading followers to make snap decisions without thorough verification. This dynamic poses a significant threat, especially for those navigating the volatile crypto market.
Steps Forward: Recovery and Preventative Measures
In the aftermath of the attack, Binance collaborated with WeChat’s security team to help Yi He regain access to her account. Fortunately, the hack did not compromise Binance’s internal systems or user funds, but the repercussions of the event resonated throughout the community.
Experts recommend several strategies to mitigate similar risks in the future:
- Remove old or unused contacts from social media accounts: Keeping a clean friend list minimizes potential attack vectors.
- Change passwords regularly, particularly for dormant accounts: Frequent updates can thwart unauthorized access.
- Respond immediately to suspicious login alerts: Quick responses can limit the impact of unauthorized attempts.
- Avoid linking critical accounts to potentially recyclable phone numbers: Establishing safeguards here can provide an additional layer of security.
For cryptocurrency traders, the importance of verifying investment advice through multiple independent sources cannot be overstated.
The $55,000 Wake-Up Call
The incident involving Yi He serves as a stark reminder of the vulnerabilities associated with Web2 security weaknesses, particularly as they threaten the crypto industry. Though the $55,000 profit from this attack may seem minor compared to larger heists, it underscores the potential for rapid monetization of compromised accounts. As digital assets gain wider acceptance, both users and platforms must elevate their security practices to safeguard against emerging threats.
