Mobius Token smart contracts on BNB Chain exploited, $2.1M drained

Hackers drained over $2.15 million from Mobius Token ($MBU) smart contracts on the BNB Chain in a targeted exploit detected early May 11, according to security firm Cyvers Alerts.

The attacker deployed the contract from address 0xb32a53... at 07:31:38 UTC and initiated the exploit at 07:33:56 UTC, draining funds from the victim wallet 0xb5252f...

Cyvers confirmed to Cointelegraph that the attacker used contract 0x631adf... to execute a series of malicious transactions. The smart contract drained 28.5 million MBU tokens and converted them into stablecoins, resulting in a net loss of $2,152,219.99 for the victim.

In total, the attacker stole 28.5 million MBU tokens and converted them to $2.15 million worth of USDT.

Cyvers labeled the exploit as “critical” and noted the attacker’s use of suspicious contract code and abnormal transaction patterns.

The attacker’s wallet remains active and has retained the stolen funds as of publication. Mobius Token’s team has not yet released an official statement.

“Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract that eventually targeted the Mobius Token smart contracts,” Cyvers wrote on X.

Related: Bybit hacker launders 100% of stolen $1.4B crypto in 10 days

In April 2025, blockchain security firm PeckShield reported that the space saw nearly $360 million in digital assets stolen across 18 hacking incidents. 

April’s losses show a 990% increase compared to March, when crypto lost to hacks totalled about $33 million. The largest chunk of the losses came from an unauthorized Bitcoin transfer. 

On April 28, blockchain investigator ZachXBT flagged a suspicious transfer of $330 million in BTC. The investigator later confirmed that the transfer was a social engineering attack targeting an elderly individual in the United States. 

Magazine: 12 minutes of nail-biting tension when Ethereum’s Pectra fork goes live