Critical Mobius Token Hack: Over $2.15M Stolen on BNB Chain — Scale of Losses Undermines Investor Confidence, Calls for Security Enhancements

A hacker attack on the Mobius Token (MBU) smart contracts on the BNB Chain blockchain resulted in the theft of over $2.15 million in cryptocurrency, marking one of the notable digital asset security incidents of 2025. Information about it was published by blockchain security company Cyvers Alerts , which identified and detailed the attack 1 3 4 .

Timeline and details of the attack

• Date and time of attack: May 11, 2025.
• Malicious Contract Deployment: The attacker deployed a malicious smart contract from the address 0xb32a53...at 07:31:38 UTC.
• Exploit initiation: Two minutes later, at 07:33:56 UTC, the exploit was launched – a series of malicious transactions targeting Mobius Token smart contracts.
• Attack target: The victim’s wallet with the address 0xb5252f...was completely emptied.
• Contract used: The attack was carried out using a contract with the address 0x631adf..., through which all malicious operations were performed 1 3 6 .

Mechanism and consequences

The attack resulted in 28.5 million MBU tokens being withdrawn from the victim’s wallet , which the attacker then converted into stablecoins (USDT). The total damage amounted to $2,152,219.99 .

Cyvers Alerts rated the exploit as “critical ,” noting that the attacker used suspicious contract code and anomalous transaction patterns, indicating a high degree of preparation and targeting of the attack.

At the time of publication of the information, the attacker’s wallet remained active and stored the stolen funds, and the Mobius Token project team has not yet provided official comments on the incident 1 3 4 6 .

The Role of the Cyvers Alerts Monitoring System

Cyvers Alerts played a key role in detecting the attack. Two minutes before the exploit began, their system detected the deployment of a malicious smart contract, which was later used to attack Mobius Token. This allowed experts to quickly identify the threat and warn the community about what had happened 1 3 4 6 .

The Crypto Security Context in April 2025

The Mobius Token incident comes amid a significant increase in hacker attacks in the crypto space. According to PeckShield, April 2025 saw 18 major hacks resulting in the theft of approximately $360 million in digital assets, a 10-fold increase from March of the same year.

A particularly high-profile event was the unauthorized transfer of $330 million worth of Bitcoin, which involved social engineering and targeted an elderly person in the United States. These findings highlight the growing risks and complexity of maintaining security in the blockchain environment 3 .

What details point to a targeted attack on Mobius Token in May 2025

The attack on Mobius Token is a prime example of modern threats in the DeFi and cryptocurrency ecosystem, where attackers exploit smart contract vulnerabilities to steal funds quickly and at scale.

• Attack time: two minutes after deployment of the malicious contract.
• Losses: 28.5 million MBU tokens, equivalent to $2.15 million.
• Method: Using suspicious code and anomalous transactions.
• Reaction: Active security monitoring, but no official statement from the Mobius Token team.

This incident serves as a reminder of the need for continuous improvement of security mechanisms and vigilance in the crypto space.

The following key details point to a targeted attack on Mobius Token in May 2025:

• Deployment of a malicious smart contract just before the attack: Two minutes before the exploit began, the Cyvers Alerts security system detected the deployment of a suspicious contract from the address , which was later used to carry out an attack on the Mobius Token 10xb32a53... smart contracts .
• Fast and coordinated exploitation of the vulnerability: The malicious contract was deployed at 07:31:38 UTC, and by 07:33:56 UTC the attacker initiated a series of transactions, indicating a pre-planned and precise execution 1 .
• Use of a specially crafted contract to exploit: The attacker used a contract with an address 0x631adf...to perform a series of malicious transactions, indicating a well-designed attack infrastructure rather than a random error or accidental interference 1 .
• Anomalous transaction patterns and suspicious code: Cyvers Alerts rated the exploit as “critical,” noting the use of unusual code and atypical transaction patterns, which are typical of targeted attacks designed to bypass standard security mechanisms 1 .
• Targeted withdrawal of funds: It was MBU tokens (28.5 million pieces) that were withdrawn, which were then converted into USDT stablecoins worth more than $2.15 million, which indicates the intent of the attacker to steal Mobius Token assets 1 .
• No randomness and high speed: All actions were performed within a few minutes, which excludes randomness and indicates a carefully planned attack using a vulnerability in the Mobius Token 1 smart contracts .

Thus, the combination of technical features – from the preliminary deployment of a malicious contract to the use of anomalous transaction schemes and the targeted withdrawal of MBU tokens – confirms that the attack was indeed targeted and carefully prepared.

How the attacker used suspicious code to perform an exploit

The attacker used suspicious smart contract code to perform an exploit on Mobius Token as follows:

• The malicious smart contract deployed by the attacker contained specially written and obfuscated code that allowed bypassing the standard security mechanisms and restrictions built into the blockchain system. Such code could include hidden functions that are not obvious during normal analysis, but give full control over the tokens in the smart contract.
• The use of anomalous transaction patterns meant that the attacker used non-standard sequences of function calls and contract interactions that were not intended by the developers and were not blocked by standard checks. This allowed tokens to be withdrawn from the victim’s wallet without permission.
• Technically, such exploits are often implemented through the execution of arbitrary code within a smart contract – the attacker injects commands that change the logic of the contract, for example, bypassing balance or access rights checks, which leads to unauthorized transfers of funds.
• These techniques are similar to how classic exploits use obfuscated and encrypted code to hide malicious logic from detection and analysis systems, as confirmed by cybersecurity practices (e.g., in exploit kits for web attacks) 2 3 .
• In this case, the attacker used the contract 0x631adf...as a tool to launch a series of malicious transactions that drained 28.5 million MBU tokens and converted them to USDT, indicating that the contract code was specifically designed to automate and disguise the theft.

Thus, the attacker used specially prepared, suspicious and obfuscated smart contract code that exploited vulnerabilities in the Mobius Token logic, allowing arbitrary operations to be performed with tokens and significant funds to be withdrawn without the consent of the owners.

Why the Mobius Token team has not yet given an official comment on the incident

The Mobius Token team has not yet given an official comment on the hacker attack incident, which resulted in the theft of more than $2.15 million, for several reasons:

• Need for internal investigation and damage assessment: After a critical exploit, the team will likely conduct a thorough analysis of what happened to understand the extent of the damage, identify vulnerabilities, and develop a response plan. Public statements are usually made after receiving complete and reliable information.
• Risk of creating panic and loss of trust: In a crisis, hasty comments can cause additional panic among investors and users, which will negatively affect the project’s reputation. Therefore, teams often prefer to prepare a balanced and formal statement first.
• Complexity of the technical situation: The attack was carried out using complex and suspicious smart contract code, as well as anomalous transaction patterns, which requires time for technical analysis and preparation of protective measures.
• Lack of information on recovery of funds: It is not yet known whether the stolen assets will be returned or frozen, which also affects the team’s willingness to comment publicly.
• Industry practice: Many projects after major breaches delay making official statements until they have completed an internal audit and consulted with security experts and legal advisors.

Thus, the lack of an official comment from Mobius Token at the time of publication is due to the need for a careful and responsible approach to communication following a serious security incident 1 5 .

What transaction patterns and anomalies were discovered during the attack

The following anomalies and transaction patterns were discovered during the attack on Mobius Token , indicating a targeted and sophisticated exploitation of vulnerabilities:

• Use of suspicious and obfuscated smart contract code that allowed bypassing standard security checks and performing unauthorized operations with tokens. Such code often includes hidden functions that allow an attacker to initiate transactions that are not visible during a normal audit.
• Anomalous transaction patterns characterized by rapid and consistent withdrawal of a large volume of tokens (28.5 million MBU) and their conversion into USDT stablecoins. This sequence and speed of transactions does not correspond to normal user behavior and indicates an automated exploit.
• A series of malicious transactions executed through a specially crafted contract (address 0x631adf…) that served as a tool for draining tokens. This indicates the presence of a prepared infrastructure for the attack, and not random actions.
• Anomalies in transaction behavior that could include non-standard function calls, bypassing access rights, and manipulation of balances within the contract, which is typical for exploits that take advantage of vulnerabilities in smart contract logic.
• Suspicious activity detected by Cyvers Alerts monitoring system , which recorded the deployment of a malicious contract two minutes before the attack, indicating targeted planning and preparation.

Such patterns and anomalies are typical for targeted attacks on DeFi projects, where attackers exploit vulnerabilities in the code and use complex transaction chains to quickly withdraw funds with minimal chances of detection and blocking.

What is the scale of the losses and how does it affect the credibility of projects on BNB Chain

The scale of losses from the Mobius Token hack amounted to over $2.15 million , which is a significant amount for a project on the BNB Chain and reflects the serious security risks in the ecosystem 2 . In the broader context of the crypto market, losses from digital asset hacks reached around $360 million in April 2025 alone , demonstrating the growing threats and vulnerabilities in the blockchain environment.

Impact of Losses on Trust in BNB Chain Projects

• Undermining user and investor trust: Major hacks like the Mobius Token attack raise concerns about smart contract security and the trustworthiness of projects on the BNB Chain. Users are starting to doubt the ability of projects to protect their funds, which could lead to capital outflows and a decline in activity.
• Increased Security Requirements: Such incidents encourage projects and developers to strengthen smart contract auditing and testing, implement more effective security mechanisms, and collaborate with security experts to prevent similar incidents from happening again.
• Impact on the reputation of the entire ecosystem: Although BNB Chain has demonstrated high performance and growing activity (DEX trading volume exceeded $14 billion in March 2025), repeated hacks can reduce the overall level of trust in the ecosystem, especially among new users and institutional investors 1 .
• Competitive Pressure: Amid security incidents, projects on BNB Chain face competition from other blockchains that are actively pushing for improved security standards and stability, which could impact developer influx and capital.
• Need for transparency and communication: The lack of timely official statements from affected projects adds to the uncertainty and pessimism among the community, further reducing trust.

Thus, the scale of losses in the hundreds of millions of dollars and specific incidents such as the attack on Mobius Token put significant pressure on the trust in projects on the BNB Chain. This highlights the importance of continuous improvement of security, transparency and professional governance in the crypto ecosystem to maintain and strengthen the trust of users and investors.

How the scale of losses on BNB Chain affects investor confidence in projects

The scale of losses on BNB Chain, including the incident of over $2.15 million being stolen from Mobius Token, has a significant impact on investor confidence in projects in the ecosystem for several reasons:

• Growing security concerns: Major hacks highlight vulnerabilities in smart contracts and infrastructure of projects on the BNB Chain, causing investors to question the reliability of their investments and the safety of their assets. This is especially important for new and lesser-known projects, which may be perceived as riskier.
• Impact on overall ecosystem perception: While BNB Chain has seen high activity and trading volumes (e.g., ecosystem trading volume exceeded $11 billion in 2025), repeated hacks reduce overall trust in the platform and may discourage institutional and retail investors 1 .
• Increased transparency and audit requirements: Investors are starting to demand stricter security measures, regular audits, and transparent communications from projects to minimize the risk of losses. The lack of timely official statements, as in the case of Mobius Token, exacerbates the negative perception.
• Increased Volatility and Caution in the Market: With frequent attacks and large losses, investors are becoming more cautious, which could slow down the inflow of capital into BNB Chain projects and lead to increased volatility in token prices 2 .
• Long-term impact on tokenomics and project sustainability: Losses and associated crises of confidence impact tokenomics by reducing token utility and community engagement, which can lead to centralization and rapid decline in asset value 3 .

Ultimately, the scale of losses on BNB Chain reduces investor confidence in projects, forcing them to more carefully assess risks and favor projects with proven security and transparent governance policies. This encourages the development of a more mature and responsible ecosystem, but at the same time creates pressure on less secure projects.

Add to follow

Check your sources

1. https://www.morpher.com/ru/insights/market/crypto/BNB
2. https://www.binance.com/ru/square/post/22471530649881
3. https://plisio.net/ru/blog/cryptocurrency-tokenomics
4. https://www.binance.com/ru/square/post/25015601480250
5. https://www.rbc.ru/crypto/news/68394fa89a79474b0e2aaafa
6. https://dtf.ru/top-smm/3517665-binance-smart-chain-v-rossii-top-2025
7. https://vc.ru/id2040316/2033446-korporacii-investiruyut-v-bitkoin-solana-i-ethereum
8. https://cbr.ru/Content/Document/File/162005/analytical_report_10072024.pdf
9. https://cyberleninka.ru/article/n/vozmozhnosti-i-potentsialnye-riski-ekosistemy-defi
10. https://kvaal.ru/crypto/bnb-binance

1. https://www.binance.com/ru/square/post/21977798470593
2. https://www.block-chain24.com/faq/chto-takoe-ataki-s-podmenoy-adresov-v-kriptovalyute-i-kak-ih-izbezhat
3. https://www.bnbchain.org/ru-RU/blog/tiekhnichieskaia-dorozhnaia-karta-bnb-chain-2023
4. https://www.binance.com/ru/square/post/25015601480250
5. https://kvaal.ru/crypto/bnb-binance
6. https://plisio.net/ru/blog/cryptocurrency-tokenomics
7. https://learn.bybit.com/ru/memes/what-is-tutorial-tut
8. https://icoda.io/ru/erc20-vs-bep2-vs-bep20-token-standards/
9. https://futureby.info/chto-takoe-rwa/
10. https://learn.bybit.com/ru/stablecoin/what-is-resolv-crypto

1. https://securelist.ru/incident-response-interesting-cases-2023/110492/
2. https://ics-cert.kaspersky.ru/publications/reports/2022/01/19/campaigns-abusing-corporate-trusted-infrastructure-hunt-for-corporate-credentials-on-ics-networks/
3. https://www.kaspersky.ru/blog/targeted-attack-anatomy/4388/
4. https://ptsecurity.com/ru-ru/research/analytics/kakimi-budut-fishingovye-ataki-v-blizhaishem-buduschem/
5. https://www.cbr.ru/collection/collection/file/32085/dib_2018_20190704.pdf
6. https://ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-iv-kvartal-2024-goda-i-kvartal-2025-goda/
7. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D0%B4%D0%B5%D0%BB%D0%B8_%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%B0%D1%82%D0%B0%D0%BA
8. https://cyberleninka.ru/article/n/kiberugrozy-v-bankovskoy-sfere-i-napravleniya-ih-snizheniya-v-rossiyskoy-federatsii
9. https://ya.ru/neurum/c/nauka-i-obrazovanie/q/kakie_suschestvuyut_tipy_anomaliy_pri_rabote_a29f135e
10. https://autovisor-vss.ru/incidents/

1. https://minfin.com.ua/2025/06/03/152101726/
2. https://www.gate.com/ru/learn/articles/gate-research-security-incident-summary-for-january-2025/6380
3. https://t.me/s/rustoredev?before=507
4. https://www.reddit.com/r/AnotherEdenGlobal/comments/iedmtw/concerns_over_another_eden/?tl=en
5. https://www.bitget.com/ru/pre-market/ZKSYNCUSDT
6. https://securitymedia.org/news/list/
7. https://t.me/s/omp_ru?before=446
8. https://eusp.org/sites/default/files/archive/M_center/Travin_Margania_Modernizacia.pdf
9. https://krasnoyarsk.fa.ru/upload/medialibrary/03e/yd6hawsjrgkaf8k2petco31kxlidm8t4/Sotsialno_ekonomicheskii_-landshafr-regiona-Investitsii-rosta.-2025-god.pdf
10. http://duma.gov.ru/media/files/nBRizxceqdu5U5b9yOvLEcfw5AV9uj0D.pdf

1. https://xygeni.io/ru/blog/understanding-cve-2023-50164-exploit/
2. https://securelist.ru/kak-zakryt-chernuyu-dyru/80/
3. https://www.eset.com/ua-ru/support/information/entsiklopediya-ugroz/eksploit/
4. https://mitre.ptsecurity.com/ru-RU/T1203
5. https://habr.com/ru/companies/eset/articles/269751/
6. https://www.keepersecurity.com/blog/ru/2024/02/01/how-do-cybercriminals-spread-malware/
7. https://www.kaspersky.ru/enterprise-security/wiki-section/products/automatic-exploit-prevention-aep
8. https://xygeni.io/ru/blog/zero-day-attack-essentials-what-you-need-to-know-to-secure-your-systems/
9. https://www.kaspersky.ru/resource-center/definitions/zero-day-exploit
10. https://habr.com/ru/companies/eset/articles/200156/

1. https://www.block-chain24.com/news/novosti-bezopasnosti/cmart-kontrakt-mobius-token-na-bnb-chain-postradal-ot-eksploita-na-21-mln
2. https://www.itsec.ru/news/archive/2025/06
3. https://www.asu.ru/files/documents/00023452.pdf
4. https://securitymedia.org/news/list/
5. https://www.itsec.ru/news/archive/2025/04
6. https://nosh85.sochi-schools.ru/wp-content/uploads/2023/09/Sbornik-Ped.opyt.pdf
7. https://pifk.magtu.ru/doc/2025/1/all1.pdf
8. https://bspu.ru/tpl/sveden/files/education/RPD/FOS/OM_05.03.06-24_EIP.pdf
9. https://storage.tusur.ru/files/180783/%D0%A1%D0%B1%D0%BE%D1%80%D0%BD%D0%B8%D0%BA%20%D1%88%D0%BA%D0%BE%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%20%D1%81%D0%B5%D0%BA%D1%86%D0%B8%D0%B8.pdf
10. https://www.vfmgua.ru/uploads/files/science/Jurnal/%D0%9F%D0%B5%D1%80%D0%B2%D1%8B%D0%B9%20%D0%BD%D0%BE%D0%BC%D0%B5%D1%80%20%D0%B6%D1%83%D1%80%D0%BD%D0%B0%D0%BB%D0%B0%20%D0%92%D0%BE%D0%BF%D1%80%D0%BE%D1%81%D1%8B%20%D1%8E%D1%80%D0%B8%D0 %B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%BE%D0%B3%D0%BE%20%D1%81%D0%BE%D0%BE%D0%B1%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B0%20 %D0%92%D0%BE%D0%BB%D0%BE%D0%B3%D0%BE%D0%B4%D1%81%D0%BA%D0%BE%D0%B9%20%D0%BE%D0%B1%D0%BB%D0%B0%D1%81%D1%82%D0%B8_2.pdf

1. https://www.block-chain24.com/news/novosti-bezopasnosti/cmart-kontrakt-mobius-token-na-bnb-chain-postradal-ot-eksploita-na-21-mln
2. https://www.bitget.com/ru/news/detail/12560604750427
3. https://cointelegraph.com/news/mobius-token-exploit-bnb-chain-2-1m-loss
4. https://www.binance.com/ru/square/post/05-11-2025-mobius-token-suffers-2-15-million-loss-in-bnb-chain-exploit-24097191014625
5. https://www.chaincatcher.com/en/tags/Mobius%20token
6. https://cryptorank.io/ru/news/feed/1886c-mobius-suffers-hack-on-bnb-chain
7. https://www.bitget.com/news/detail/12560604753144
8. https://www.binance.com/ru-UA/square/hashtag/MobiusToken
9. https://coinspot.io/world/mobius-smart-contract-hack-bnb-chain-loss/
10. https://www.golfstriminform.ru/kriptonomika/proekt-mobius-token-lishilsia-215-mln-v-rezyltate-vzloma/