The Mobius DeFi and real-world asset tokenization platform suffered a sensible contract exploit on the BNB Chain on Could 11, resulting in the theft of $2.15 million in Mobius Tokens (MBU), reported blockchain safety agency Cyvers.
“Two minutes previous to the exploit, our system recognized a deployment of a malicious sensible contract that finally focused the Mobius Token sensible contracts,” Cyvers said.
They added that the attacker executed a number of malicious transactions through the contract, focusing on the sufferer’s deal with.
Nevertheless, there was no point out of the exploit on the MobiusDAO X feed.
ALERT
Our system has detected an exploit on Mobius Token sensible contracts, draining over $2.15M in Mobius Token ($MBU) on BNB Chain.Two minutes previous to the exploit, our system recognized a deployment of a malicious sensible contract, that finally focused the Mobius Token… pic.twitter.com/NEG5AXdfoc
— Cyvers Alerts (@CyversAlerts) May 11, 2025
MBU Crashes to Zero
Cyvers added that the hacker shortly deposited the stolen loot into the crypto mixer Twister Money to obfuscate the transactions.
Blockchain safety agency CertiK additionally posted an alert stating that the hacker minted 9.7 quadrillion BEP-20 MBU tokens, which they swapped out for stablecoins.
The transaction document additionally indicated that the hacker deposited simply 0.001 wrapped BNB, price round $0.65, and was in a position to exploit the sensible contract.
Because of this, the MBU token worth crashed to zero, according to DEXscreener.
Ethereum’s newest Pectra community improve has additionally launched a harmful new assault vector that might enable hackers to empty funds from wallets utilizing solely an offchain signature, reported safety researchers over the weekend.
Ledger, a Hacking Sufferer … Once more
Mobius shouldn’t be the one hack sufferer this weekend. French {hardware} pockets maker Ledger has been the sufferer of hacking but once more.
Over the weekend, an attacker compromised a contracted moderator’s account on Ledger’s Discord channel and used it to submit rip-off hyperlinks.
Customers have been instructed a few false “vulnerability” and urged to “confirm restoration phrases” through a malicious hyperlink. Ledger managed to regain management of its account and take away the malicious hyperlinks.
Former Binance CEO Changpeng Zhao commented on the most recent Ledger assault, stating, “Social community accounts for a crypto firm are sometimes the weakest hyperlinks.”
Simply acquired this safety warning.
Ledger’s Discord admin account was hacked. The scammer falsely claimed a safety flaw and urged customers to enter their restoration phrases on a phishing web site.
Classes:
1. By no means hand over your personal key restoration phrases regardless of who’s doing the…— CZ BNB (@cz_binance) May 12, 2025
Ledger has been embroiled in scams and hacks over the previous 5 years.
In April, scammers despatched bodily letters to Ledger homeowners requesting seed phrases in a rip-off that could be related to Ledger’s 2020 data breach, which uncovered private data and bodily addresses of greater than 270,000 prospects.
Binance Free $600 (CryptoPotato Unique): Use this link to register a brand new account and obtain $600 unique welcome provide on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE place on any coin!