A critical vulnerability in the Mobius Token (MBU) smart contract on BNB Smart Chain has led to a $2.15 million loss, adding to the growing list of crypto-related exploits in 2025. Mobius is a lesser-known project within the BNB ecosystem.

The attack, confirmed by Web3 security firm Cyvers on May 11, involved a malicious hacker who took advantage of a flaw in the MBU minting mechanism.

Mobius Attacker Moves Fund Through Tornado Cash

According to Cyvers, the incident began at 07:31 UTC when a wallet (0xB32A5) deployed a rogue contract. Just two minutes later, another address (0x631adf) initiated a series of suspicious transactions.

Using only 0.001 BNB, the attacker minted 9.73 quadrillion MBU tokens and quickly exchanged them for stablecoins, netting $2.15 million. In the same process, the attacker also gained an additional 28.5 million MBU tokens.

After the exploit, the stolen assets were moved to Tornado Cash, a popular protocol that anonymizes transactions.