Binance Co-CEO Yi He to Compensate Users Affected by Scam Token via Hacked WeChat

The Incident: A Compromised WeChat Account

Binance's co-CEO, Yi He, has taken a proactive stance in addressing the losses incurred by users affected by a scam that involved her compromised WeChat account. This move comes despite previous warnings from Binance executives encouraging users to take personal responsibility for their security and avoid falling for scams.

The breach occurred when Yi He's dormant WeChat account was hacked on December 9, 2025. The attackers used this account to promote a BNB Chain-based memecoin called Mubarakah, which led to significant financial losses for users who invested in the token based on the false promotions.

Yi He confirmed the breach on social media platform X, explaining that she had abandoned the WeChat account years ago and it was linked to an old phone number that was seized by the perpetrators.

Compensation Offered by Binance

In response to the incident, Yi He announced that she would personally allocate BNB to conduct an airdrop for users who lost money trading the Mubarakah memecoin. This compensation specifically targets users who traded the scam token on the Binance Web3 Wallet and the Alpha platform.

Yi He expressed sympathy for the affected users and committed to distributing the airdrop fully within 24 hours of her announcement on December 10, 2025. She clarified that the compensation is a one-time exception and will not be repeated for future incidents.

She also emphasized that neither she, the official Binance account, nor any Binance employees would recommend memecoins due to their lack of long-term viability and price support.

How the Hack Occurred

The founder of SlowMist, Yu Xuan, republished his research on how WeChat account takeovers occur. According to his findings, Chinese telecom carriers reassign inactive phone numbers after approximately three months of disuse. Once an attacker obtains access to a recycled phone number that was previously linked to a WeChat account, they can initiate an account recovery process.

The system requires contacting just two frequent contacts to verify identity. These contacts might include people who were never directly messaged and only added as friends or interacted with briefly in shared groups.

WeChat takeovers of prominent crypto figures have become increasingly common. For instance, Tron founder Justin Sun reported on November 30, 2025, that his account was hacked, prompting him to contact the platform to regain access.

Previous Incidents Involving Yi He

Yi He herself was previously impersonated in a separate incident in March 2025. Her WeChat was hacked, leading to further concerns about the security of high-profile accounts in the crypto space.

According to blockchain analytics firm Lookonchain, the hackers created two new wallets approximately seven hours before posting about the token and spent 19,479 USDT to purchase 21.16 million MUBARA tokens through PancakeSwap and other decentralized exchanges.

After being promoted on Yi He’s compromised WeChat account, the price of the token surged from around $0.001 to $0.008, representing an increase of over 800%. The token’s market cap briefly touched $8 million as unsuspecting traders rushed to buy based on what appeared to be an endorsement from the Binance executive.

The attackers then sold 11.95 million tokens for 43,520 USDT, securing approximately $55,000 in profit before the token crashed more than 60%.

Binance’s Response

Binance co-founder Changpeng Zhao quickly warned users on X, stating that Web2 social media security is not strong and urging the community to avoid buying memecoins from the hacked posts.

Yi He eventually recovered her account through external verification and changed the password to prevent further unauthorized access.

Conclusion

This incident highlights the growing risks associated with social media accounts, especially for high-profile individuals in the crypto space. While Binance and its executives are taking steps to mitigate the damage, it serves as a reminder for all users to remain vigilant and cautious when engaging with content on social media platforms.