Mobius Token
Summary
Mobius Token (ticker: MBU) is a DeFi token that operated on BNB Chain. On May 11, 2025, an attacker exploited a critical decimal-precision bug in the project's unaudited smart contract, minting approximately 9.73 quadrillion MBU tokens with a deposit of only 0.001 BNB and draining $2.15 million in USDT from the protocol's liquidity pools. The stolen funds were laundered through Tornado Cash, no official team response was issued, and no funds have been recovered.
Connected Entities
1 entitiesTimeline(7 events)
2025-05-04
Attacker wallet 0xB32A53Af96F7735D47F4b76C525BD5Eb02B42600 funded via Tornado Cash with 10 BNB; same wallet allegedly exploited MHT Trade on this date.
2025-05-08
Mobius Token contract reportedly funded in preparation for the exploit.
2025-05-11
At 07:31 UTC, attacker deployed malicious contract 0x631adFF068D484Ce531Fb519Cda4042805521641 on BNB Chain.
2025-05-11
At 07:33 UTC, exploit executed: 0.001 WBNB deposited, approximately 9.73 quadrillion MBU tokens minted via decimal inflation bug, and $2,152,219.99 in USDT drained from PancakeSwap liquidity pools.
2025-05-11
Security firm Cyvers publicly flagged the exploit in real time on X (Twitter). CertiK, QuillAudits, and Halborn published post-mortem analyses.
2025-05-11
Attacker laundered approximately 2,100 BNB through Tornado Cash in 21 batches of 100 BNB. MBU token price collapses to near zero.
2025-05-11
No official statement released by the Mobius Token team. No fund recovery reported.
Decision Log
- hash: 3mPKunr7MRh2ZBcdBdYXU5jknqHHfERzAA7kpLnBRW4t
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:23 AM
last updated: 5/27/2026, 8:30:15 PM
avoid.net — verified advice for a post-truth world