The Mobius DeFi and real-world asset tokenization platform suffered a smart contract exploit on the BNB Chain on May 11, leading to the theft of $2.15 million in Mobius Tokens (MBU), reported blockchain security firm Cyvers.
“Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract that eventually targeted the Mobius Token smart contracts,” Cyvers stated.
They added that the attacker executed multiple malicious transactions via the contract, targeting the victim’s address.
However, there was no mention of the exploit on the MobiusDAO X feed.
ALERT
Our system has detected an exploit on Mobius Token smart contracts, draining over $2.15M in Mobius Token ($MBU) on BNB Chain.Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract, that eventually targeted the Mobius Token… pic.twitter.com/NEG5AXdfoc
— Cyvers Alerts (@CyversAlerts) May 11, 2025
MBU Crashes to Zero
Cyvers added that the hacker quickly deposited the stolen loot into the crypto mixer Tornado Cash to obfuscate the transactions.
Blockchain security firm CertiK also posted an alert stating that the hacker minted 9.7 quadrillion BEP-20 MBU tokens, which they swapped out for stablecoins.
The transaction record also indicated that the hacker deposited just 0.001 wrapped BNB, worth around $0.65, and was able to exploit the smart contract.
As a result, the MBU token value crashed to zero, according to DEXscreener.
Ethereum’s latest Pectra network upgrade has also introduced a dangerous new attack vector that could allow hackers to drain funds from wallets using only an offchain signature, reported security researchers over the weekend.
Ledger, a Hacking Victim … Again
Mobius is not the only hack victim this weekend. French hardware wallet maker Ledger has been the victim of hacking yet again.
Over the weekend, an attacker compromised a contracted moderator’s account on Ledger’s Discord channel and used it to post scam links.
Users were told about a false “vulnerability” and urged to “verify recovery phrases” via a malicious link. Ledger managed to regain control of its account and remove the malicious links.
Former Binance CEO Changpeng Zhao commented on the latest Ledger attack, stating, “Social network accounts for a crypto company are often the weakest links.”
Just got this security warning.
Ledger’s Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site.
Lessons:
1. Never give up your private key recovery phrases no matter who is doing the…— CZ BNB (@cz_binance) May 12, 2025
Ledger has been embroiled in scams and hacks over the past five years.
In April, scammers sent physical letters to Ledger owners requesting seed phrases in a scam that may be connected to Ledger’s 2020 data breach, which exposed personal information and physical addresses of more than 270,000 customers.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
