The compromise of Binance co‑CEO Yi He’s WeChat account was used in early December 2025 to stage a Mubarakah token pump and dump that yielded roughly $55,000 for the attacker and briefly inflated the token’s market value beyond $8 million. The incident underscores a market‑abuse vector that intersects Web2 account security and obligations for prevention of market manipulation.
Incident timeline and on‑chain analysis of the Mubarakah token pump and dump
Blockchain analytics reconstructed a concise sequence of actions. The perpetrator created two new wallets and acquired 21.16 million Mubarakah (MUBARA) tokens for 19,479 USDT, then used the compromised WeChat identity to amplify promotional messages that generated rapid retail demand. The token spiked by nearly 200% to an intraday peak of $0.008 before the attacker executed a sell‑off, liquidating 11.95 million tokens for 43,520 USDT and retaining 9.21 million tokens valued at about $31,000 — figures that combine to an estimated profit near $55,000. The resulting price collapse left late buyers with substantial losses.
A pump‑and‑dump is a market manipulation scheme in which actors inflate an asset’s price through misleading promotion and then sell into the artificial demand. On‑chain traceability enabled attribution of the trading flows and the sequence of token movements, while public messaging on a verified high‑profile account functioned as the vector for demand amplification.
Industry, platform and regulatory implications
The episode follows a recognisable pattern: compromise of influential Web2 accounts to confer credibility on otherwise obscure tokens. Comparable incidents have involved other prominent figures and official handles, demonstrating the operational scalability of such attacks. Law‑enforcement and industry data highlight the scale: U.S. losses to crypto scams in 2024 were reported at $9.3 billion, and analytic reviews indicate that a majority of newly launched ERC‑20 tokens in 2023 displayed activity consistent with pump‑and‑dump schemes, collectively generating roughly $241.6 million in illicit proceeds.
This hybrid Web2–Web3 threat profile allocates responsibilities across stakeholders. High‑profile individuals and treasury managers must harden digital hygiene through advanced multi‑factor authentication, strict separation between personal and professional channels, and continuous security training. Social media platforms should enforce stronger authentication for verified accounts, deploy anomaly detection for high‑impact handles, and enable rapid takedown and coordination with blockchain analytics providers. Crypto marketplaces and protocols should implement real‑time monitoring to detect manipulation patterns, transparent flagging or rapid delisting mechanisms for tokens associated with fraud, and tighter integrations with analytics for incident response and tracing.
From a regulatory standpoint, adaptive, cross‑jurisdictional measures are needed to address market abuse that leverages off‑chain credibility. Clearer liability frameworks for platform actors and defined reporting obligations for suspicious promotional activity would assist supervisory authorities tasked with market‑abuse prevention and investor protection.
Web2 account security failures translate directly into market‑integrity risks for crypto markets. Effective mitigation will require coordinated action on authentication, platform governance and regulatory clarity without introducing barriers to legitimate market activity. Next milestone: implementation of stronger authentication and anomaly‑monitoring protocols by social platforms and coordinated cross‑sector reporting standards to reduce the exploitability of high‑profile accounts.