According to Foresight News, Certik has released an analysis of the Mobius Token incident. On May 11, 2025, the system detected a suspicious attack involving Mobius Token (MBU) on the Binance Smart Chain, causing approximately $2.16 million in losses. The vulnerability in this MBU occurred just three days after the token was injected from addresses starting with 0x180 on May 8th. The root cause of the incident was the introduction of an inflation error of 1e18 due to the existence of an excess multiplier of 10 to the power of 18 in the unverified contract, which allowed the attacker to cast 9731099570980.66 MBUs in 0.001 BNB and exchange them for USDT. After exploiting the Mobius vulnerability, the attacker immediately laundered 2100 BNB through Tornado Cash, which was extracted in 21 batches of 100 BNB each. As of the time of writing this article, there have been no withdrawals of 100 BNB from Tornado Cash.
