Mobius Protocol Suffers $2.15 Million Exploit on BNB Chain

A serious vulnerability has drained $2.15 million worth of MBU tokens from Mobius Token smart contracts on the BNB Chain. The attacker deployed the contract from address 0xb32a53... at 07:31:38 UTC and initiated the exploit at 07:33:56 UTC. The malicious smart contract drained 28.5 million MBU tokens and exchanged the distressed tokens for stablecoins.

The attacker carried out a number of damaging transactions with the help of contract 0x631adf…. They were able to successfully drain all available funds from the victim wallet 0xb5252f…. The victim ultimately incurred a new loss totaling $2,152,219.99. After the exploit, the hacker exchanged the stolen MBU tokens for $2.15 million in USDT.

Cyvers Alerts broke the story, tracking the money lost through 18 separate hacks. In a thread about the incident on X, Cyvers went into detail.

Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract that eventually targeted the Mobius Token smart contracts. - Cyvers

After pursuing it further, the investigator verified that the transfer was indeed a social engineering attack on an elderly person in the U.S. The attacker stole 28.5 million MBU tokens.

At the time of this writing, the Mobius Token team has yet to issue an official response to the incident. The missed communication has meanwhile had the unfortunate effect of leaving investors and the crypto philanthropy community at large waiting for further clarification and reassurance.

In a related incident, ZachXBT raised the alarm about a suspicious transfer of over $330 million in BTC last April 28. This underscores the acute security risks that still plague the cryptocurrency ecosystem.