$MBU on the BNB Chain just got sucker-punched in the early hours of May 11. Some slick hacker pulled off a smart contract exploit, snatching a cool $2.15 million.
The experts over at Cyvers Alerts caught wind of the attack, but by then, the damage was done.
Action
At 07:31:38 UTC, the hacker deployed a shady contract from address 0xb32a53… and just two minutes later, at 07:33:56 UTC, they kicked off the exploit.
The victim wallet, 0xb5252f…, got drained dry, 28.5 million MBU tokens, worth about $2.15 million, were siphoned off and quickly flipped into stablecoins.
🚨ALERT🚨
Our system has detected an exploit on Mobius Token smart contracts, draining over $2.15M in Mobius Token ($MBU) on BNB Chain.Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract, that eventually targeted the Mobius Token… pic.twitter.com/NEG5AXdfoc
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 11, 2025
Smooth move, right? Then, like a ghost in the night, the stolen funds got funneled into Tornado Cash, the Ethereum-based money mixer that scrambles the trail so no one can follow the money back to its dirty origin.
Cyvers didn’t mince words, they called this exploit critical” Suspicious contract code, weird transaction patterns, all signs of a well-planned hit.
And get this, just two minutes before the heist, their system flagged the deployment of that malicious contract. Talk about a close call.
But the attacker’s wallet? Still active, still holding the loot. Meanwhile, the Mobius team? Radio silence. No official word yet in the time of writing.
Hacking season
Now, if you think this is an isolated incident, think again. April 2025 was a bloodbath for crypto security.
PeckShield, another top security firm, reported nearly $360 million stolen across 18 hacks. That’s a 990% jump from March’s $33 million.
The biggest heist? A $330 million Bitcoin theft, executed through social engineering, targeting an elderly U.S. citizen.
The stolen BTC was laundered through dozens of wallets and exchanges, disappearing into the ether faster than you can say blockchain.
Incompetence?
And despite losing $1.4 billion in the Bybit hack earlier this year, crypto firms still act like they’re doing enough with just bug bounties and penetration tests.
Hacken’s CEO Dyma Budorin calls it out straight, telling there is work to do.
“Most projects think, ‘We did pentests, maybe a bug bounty, that’s enough.’ It’s not.”
Not even close. The industry’s security game? It’s weak, and hackers are cashing in big time.
So, if you’re holding crypto, especially tokens like Mobius, you better keep your eyes wide open.
The bad guys are getting craftier, and the usual security tricks just ain’t cutting it anymore.
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.
