Mobius Loses $2.1M in BNB Chain Exploit—DeFi’s ’Trustless’ Promise Takes Another Hit
Another day, another crypto heist—this time Mobius gets drained for seven figures while the ’code is law’ crowd scrambles for explanations.
How it happened: Attackers exploited a smart contract vulnerability on BNB Chain, bypassing security checks like a Wall Street quant finding loopholes in the SEC rulebook.
Why it matters: The exploit exposes the persistent gap between DeFi’s utopian ideals and the messy reality of bug-ridden contracts. Auditors missed it. Users paid for it. The hackers kept it.
The kicker? This wasn’t some obscure protocol—Mobius had traction. Just goes to show: in crypto, your assets are only as secure as the smart contract’s worst line of code.
Mobius suffers a smart contract hack on BNB Chain
According to Cyvers’ statement, the Mobius exploit was “critical”, with the platform noting the attacker’s use of suspicious contract code and abnormal transaction patterns.
“Two minutes before the exploit, our system identified a deployment of a malicious smart contract that eventually targeted the Mobius Token smart contracts,” Cyvers wrote on X. As of the time of writing, the attacker’s wallet remains active.
🚨ALERT🚨
Our system has detected an exploit on Mobius Token smart contracts, draining over $2.15M in Mobius Token ($MBU) on BNB Chain.
Two minutes prior to the exploit, our system identified a deployment of a malicious smart contract, that eventually targeted the Mobius Token… pic.twitter.com/NEG5AXdfoc
In a follow-up post, Cyvers mentioned that the attacker has deposited the funds to Tornado Cash, a decentralized platform that runs on ethereum and acts as a money mixer. The platform obscures fund trails, so it doesn’t get connected back to its original source.
However, the Mobius Token team is yet to release an official statement acknowledging the development.
Meanwhile, crypto losses to illicit activities and actors inched close to $360 million in April. Last month, blockchain security firm PeckShield reported that the crypto industry witnessed losses across 18 different hacking incidents. According to Hacken CEO Dyma Budorin, crypto firms have still not changed their approach to cybersecurity, and it has led to more of these hacks happening.
Despite the $1.4 billion lost in the recent Bybit hack early this year, Budorin mentioned that one WOULD think that these firms would increase security measures, noting that they have continued to rely on the usual measures, including bug bounties and penetration tests, rather than using comprehensive security strategies. “Most of the projects think, ‘Okay, we did pentests. That’s enough. Maybe bug bounty. That’s enough.’ It’s not enough.”
According to reports, the largest chunk of the losses in April came from an unauthorized Bitcoin transfer worth $330 million. The theft, which now ranks as the fifth-largest crypto hack in history, was carried out using social engineering tactics. The wallet was said to have belonged to an elderly United States citizen, with on-chain sleuth ZachXBT flagging the transaction and revealing key details about the exploit.
Your crypto news deserves attention - KEY Difference Wire puts you on 250+ top sites
