Ledger's Discord server breached by scammers as Mobius loses $2.1 million to a smart contract exploit.
The Mobius DeFi platform, running on the BNB Chain, fell victim to a malicious smart contract exploit on May 11, losing a whopping $2.15 million worth of Mobius Tokens (MBU), as reported by blockchain security firm Cyvers.
Two minutes before the attack, the system detected the deployment of a malicious smart contract specifically targeting Mobius Token smart contracts, according to Cyvers' statement. The attacker then executed a series of malicious transactions through this contract against the victim's address.
Interestingly, there was no trace of the exploit mentioned on the MobiusDAO X feed.
Nightmare for MBU Holders
Cyvers disclosed that the hacker immediately transferred the pilfered loot into the anonymized crypto mixer Tornado Cash to disguise the transactions.
CertiK, another blockchain security firm, issued a warning that the hacker minted approximately 9.7 quadrillion BEP-20 MBU tokens, swapping them for stablecoins. Records suggest that the fiendish hacker deposited merely 0.001 wrapped BNB, worth around $0.65, initially, yet managed to exploit the smart contract.
As a consequence, the MBU token value nose-dived to zero, according to DEXscreener.
In related news, security researchers said over the weekend that Ethereum's latest Pectra network upgrade has surfaced a new attack vector that could potentially enable hackers to empty wallets using merely an off-chain signature.
Targeted Again: Ledger's Misfortune
Mobius isn't the only victim of hackers this weekend. French hardware wallet manufacturer Ledger has been struck by hacking once more.
Over the weekend, an attacker infiltrated a contracted moderator's account on Ledger's Discord server and used it to disseminate fraudulent links. Users were deceived with a fake "vulnerability" notice and were instructed to verify recovery phrases via a malicious link. Ledger successfully regained control of its account and removed the harmful links.
Former Binance CEO Changpeng Zhao commented on the recent Ledger attack, saying, "Social network accounts for a crypto company are often the weakest links."
Regrettably, Ledger has been embroiled in scams and hacks over the past five years.
In April, scammers sent physical letters to Ledger owners requesting seed phrases in a con that may be linked to Ledger's 2020 data breach, which spilled personal information and physical addresses of more than 270,000 customers.
Enrichment Insights:
- Vulnerability in Smart Contracts: The root cause of the exploit was a lack of proper access controls in the minting function of the project's smart contract, enabling the attacker to create an excessive volume of unauthorized MBU tokens[1][4].
- Attack Mechanism: The attacker deployed a maliciously crafted smart contract on BNB Chain. They initiated the attack by calling the deposit function with a minimal amount of WBNB (about $0.67 at the time), exploiting a flaw in the contract's logic regarding decimals. The contract multiplied the BNB price by $10^{18}$, resulting in the minting of over 9.7 trillion MBU tokens[4].
- Monetization and Laundering: The attacker exchanged a portion of these tokens (28.5 million MBU) for stablecoins, mainly USDT, using platforms like PancakeSwap[3][5]. To conceal the trail of funds, they laundered the money using Tornado Cash[1][4].
- Sophistication of the Attack: The rapid execution and complexity of the attack indicate that the hacker was highly skilled and had meticulously planned the exploit[1][4].
- Financial Loss: The Mobius Token exploit brought about a financial loss of approximately $2.15 million. This incident underscores the persistent security concerns in the DeFi space and the need for strong smart contract resilience[2][5].
- Security Implications: The attack underscores the significance of thorough security audits and testing for smart contracts to avoid similar vulnerabilities in the future[4][5].
- Amidst the chaos of the Mobius DeFi platform hack, the attacker utilized Tornado Cash to conceal the trail of the stolen Mobius Tokens (MBU).
- In the aftermath of the Mobius DeFi platform attack, CertiK revealed that the cunning hacker minted approximately 9.7 quadrillion BEP-20 MBU tokens, subsequently swapping them for stablecoins.
- Ethereum's latest Pectra network upgrade has surfaced a new attack vector that could potentially enable hackers to empty wallets using merely an off-chain signature, as security researchers have pointed out.
- Susceptible to hacks and scams, Ledger, a French hardware wallet manufacturer, has once again fallen victim to malicious activities, this time on its Discord server.
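
The decimal-scaling flaw and the missing mint access control described in the bullets above, modelled in Python as an added example (this is not Mobius's contract code and not part of the original article). The price, the 1 MBU = 1 USD mint rate, the `vault` allow-list and all function names are assumptions; the model illustrates the bug class and a guard against it, not the exact on-chain figures.

```python
# Simplified model (not Mobius code): 18-decimal fixed-point deposit-and-mint.
# Names, the price and the 1 MBU = 1 USD mint rate are assumptions.
WAD = 10**18                      # 18-decimal scaling factor
DEPOSIT_WEI = 10**15              # 0.001 WBNB, the deposit size reported above
PRICE_WAD = 650 * WAD             # constructed feed value: 650 USD per BNB, pre-scaled
MINTERS = frozenset({"vault"})    # hypothetical allow-list for the mint path


class MintGuardError(Exception):
    """A mint was rejected by an access or value check."""


def mint_correct(amount_wei: int, price_wad: int) -> int:
    """MBU base units owed for a deposit; the pre-scaled price is divided out once."""
    return amount_wei * price_wad // WAD


def mint_vulnerable(amount_wei: int, price_wad: int) -> int:
    """Same formula, but the already-scaled price is multiplied by 10**18 again."""
    rescaled_price = price_wad * WAD          # the defect: second scaling
    return amount_wei * rescaled_price // WAD


def guarded_mint(compute, amount_wei: int, price_wad: int, caller: str,
                 per_tx_cap: int = 1_000_000 * WAD) -> int:
    """Wrap any mint formula with access control and value invariants."""
    if caller not in MINTERS:
        raise MintGuardError("caller is not an authorised minter")
    if amount_wei <= 0 or price_wad <= 0:
        raise MintGuardError("non-positive amount or price")
    minted = compute(amount_wei, price_wad)
    # Invariant computed independently of `compute`: value out <= value in.
    deposit_value = amount_wei * price_wad // WAD
    if minted > deposit_value:
        raise MintGuardError("minted value exceeds deposit value")
    if minted > per_tx_cap:
        raise MintGuardError("mint exceeds per-transaction cap")
    return minted


if __name__ == "__main__":
    good = mint_correct(DEPOSIT_WEI, PRICE_WAD)
    bad = mint_vulnerable(DEPOSIT_WEI, PRICE_WAD)
    print("correct mint:", good / WAD, "MBU")
    print("vulnerable mint is", bad // good, "times larger")
    try:
        guarded_mint(mint_vulnerable, DEPOSIT_WEI, PRICE_WAD, "vault")
    except MintGuardError as err:
        print("guard rejected mis-scaled mint:", err)
```

Because the invariant in `guarded_mint` is computed independently of the mint formula, it rejects the mis-scaled result even when the arithmetic bug itself goes unnoticed in review.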