Hack Alert – Mobius Smart Contract Exploit Steals $2.15 Million Dollars
Quick Summary
On May 11, 2025, Mobius Token ($MBU) was exploited via a malicious smart contract on BNB Chain, resulting in the loss of $2.15 million. Security firm Cyvers detected the attack, which involved draining 28.5 million MBU tokens from a victim wallet and converting them into stablecoins. The attacker’s wallet remains active, with funds already laundered through Tornado Cash.
Cyvers reported that the exploit began just minutes after the malicious contract was deployed, highlighting the attacker’s use of suspicious code and abnormal transaction patterns. As of now, the Mobius team has not issued an official statement.
The hacker deposited the stolen funds to @TornadoCash, according to Cyvers Alerts. Tornado Cash, a decentralized platform that obfuscates transaction trails, makes it difficult to trace the funds back to the original source.
The hack adds to a growing trend in crypto theft, with over $360 million lost to exploits in April alone. Experts continue to criticize the industry’s reliance on basic security measures like pentests and bug bounties, calling for broader, proactive strategies.
How To Protect Yourself
Use Audited Platforms – Engage only with projects that undergo thorough security reviews.
Watch for Suspicious Activity – Monitor smart contract deployments and token movements.
Upgrade Security Measures – Avoid single-point admin keys; use multisig and robust access controls.
Distribute Assets – Spread holdings across platforms to reduce risk.
Stay Alert – Follow trusted sources and security alerts for timely updates.