Mobius Token ($MBU) suffered a smart contract exploit on the BNB Chain, leading to the loss of $2.15 million. The exploit, which was detected by security firm Cyvers Alerts, happened in the early hours of May 11.
According to the security firm, the hackers deployed the contract from address 0xb32a53… at 07:31:38 UTC and initiated the exploit at 07:33:56 UTC, draining funds from the victim wallet 0xb5252f…
According to the report, Cyvers mentioned that the attacker used contract 0x631adf…to carry out a series of malicious transactions. The smart contract drained about 28.5 million MBU tokens worth about $2,152,219.99, converting them into stablecoins after the theft.
Mobius suffers a smart contract hack on BNB Chain
According to Cyvers’ statement, the Mobius exploit was “critical”, with the platform noting the attacker’s use of suspicious contract code and abnormal transaction patterns.
“Two minutes before the exploit, our system identified a deployment of a malicious smart contract that eventually targeted the Mobius Token smart contracts,” Cyvers wrote on X. As of the time of writing, the attacker’s wallet remains active.
🚨ALERT🚨
Our system has detected an exploit on Mobius Token smart contracts, draining over $2.15M in Mobius Token ($MBU) on BNB Chain.
Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract, that eventually targeted the Mobius Token… pic.twitter.com/NEG5AXdfoc— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 11, 2025
In a follow-up post, Cyvers mentioned that the attacker has deposited the funds to Tornado Cash, a decentralized platform that runs on Ethereum and acts as a money mixer. The platform obscures fund trails, so it doesn’t get connected back to its original source.
However, the Mobius Token team is yet to release an official statement acknowledging the development.
Meanwhile, crypto losses to illicit activities and actors inched close to $360 million in April. Last month, blockchain security firm PeckShield reported that the crypto industry witnessed losses across 18 different hacking incidents. According to Hacken CEO Dyma Budorin, crypto firms have still not changed their approach to cybersecurity, and it has led to more of these hacks happening.
Despite the $1.4 billion lost in the recent Bybit hack early this year, Budorin mentioned that one would think that these firms would increase security measures, noting that they have continued to rely on the usual measures, including bug bounties and penetration tests, rather than using comprehensive security strategies. “Most of the projects think, ‘Okay, we did pentests. That’s enough. Maybe bug bounty. That’s enough.’ It’s not enough.”
According to reports, the largest chunk of the losses in April came from an unauthorized Bitcoin transfer worth $330 million. The theft, which now ranks as the fifth-largest crypto hack in history, was carried out using social engineering tactics. The wallet was said to have belonged to an elderly United States citizen, with on-chain sleuth ZachXBT flagging the transaction and revealing key details about the exploit.
Your crypto news deserves attention – KEY Difference Wire puts you on 250+ top sites
