
Extropy Security Bytes: w19 2025

4 min read · May 19, 2025

Here’s a more detailed look at some of the key security-related events that unfolded in the crypto space during the week of April 28th to May 4th 2025. It’s important to approach these incidents with a balanced perspective, recognising that they are part of the learning and growth process within a rapidly evolving industry where security remains a paramount concern for many dedicated teams and communities.

Mobius Suffers $2.1 Million Loss Due to Decimal Handling Flaw

  • The Exploit: The Mobius Token, operating on the BNB chain, experienced a notable exploit in early May 2025, resulting in a loss of approximately $2.1 million.
  • Technical Vulnerability: Investigations revealed that the core vulnerability lay in the Mobius smart contract’s handling of decimal precision during token minting. Specifically, poor protocol logic regarding how the contract managed these decimals created an exploitable weakness.
  • Attack Mechanism: The attacker reportedly initiated the attack by depositing a very small amount of Wrapped BNB (WBNB), valued at less than a dollar at the time. This seemingly insignificant deposit then allowed the attacker to mint an astonishingly large quantity of Mobius tokens, exceeding 9.7 quadrillion.
  • Importance of Precision: The incident serves as a stark reminder of the critical need for blockchain projects to exercise extreme caution and precision when implementing mathematical operations within their smart contracts, particularly concerning decimal places. Even seemingly minor oversights in this area can lead to significant economic exploits.
  • Need for Robust Security Measures: The prevalence of such decimal-related errors in past smart contract incidents further underscores the importance of rigorous testing and comprehensive security audits conducted by experienced professionals before any protocol deployment.
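As an added illustration of the class of bug described above (this is a hypothetical contract written for this note, not Mobius's code, which the write-up does not reproduce), the `ShareMinter` below issues 18-decimal share tokens against a deposited ERC-20 collateral such as WBNB. `sharesForVulnerable` takes an `amount` that is already in the collateral's smallest unit and scales it by `10**decimals` a second time, so a sub-dollar deposit of an 18-decimal token mints 10**18 times the intended quantity; `sharesFor` normalises the deposit to 18 decimals exactly once and then applies the price. The contract name, the `priceWad` convention and the figures in the comments are constructed assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical example contract (not Mobius's): mints 18-decimal share tokens
/// against an ERC-20 collateral deposit, showing a decimal-scaling defect next
/// to its corrected form.
interface IERC20Metadata {
    function decimals() external view returns (uint8);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract ShareMinter {
    uint256 internal constant WAD = 1e18;      // 18-decimal fixed-point base

    IERC20Metadata public immutable collateral;
    uint8 public immutable collateralDecimals; // read once at deployment
    uint256 public immutable priceWad;         // shares per 1.0 collateral, WAD-scaled

    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Minted(address indexed to, uint256 collateralIn, uint256 sharesOut);

    constructor(IERC20Metadata collateral_, uint256 priceWad_) {
        require(priceWad_ > 0, "price");
        collateral = collateral_;
        collateralDecimals = collateral_.decimals();
        priceWad = priceWad_;
    }

    /// VULNERABLE (illustrative): `amount` is already in the collateral's smallest
    /// unit (wei for WBNB), yet it is scaled by 10**decimals again. With an
    /// 18-decimal collateral and priceWad = 1e18, depositing 1e15 wei (0.001 WBNB)
    /// yields 1e15 * 1e18 = 1e33 base units, i.e. one quadrillion whole shares.
    function sharesForVulnerable(uint256 amount) public view returns (uint256) {
        return amount * (10 ** collateralDecimals) * priceWad / WAD;
    }

    /// HARDENED: bring the deposit to 18 decimals exactly once, whatever the
    /// collateral's precision (6, 8, 18, ...), then apply the WAD-scaled price.
    /// The same 1e15 wei deposit at priceWad = 1e18 yields 1e15 base units
    /// (0.001 shares), as intended.
    function sharesFor(uint256 amount) public view returns (uint256) {
        uint256 normalised;
        if (collateralDecimals < 18) {
            normalised = amount * (10 ** (18 - collateralDecimals));
        } else if (collateralDecimals > 18) {
            normalised = amount / (10 ** (collateralDecimals - 18));
        } else {
            normalised = amount;
        }
        return normalised * priceWad / WAD;
    }

    /// Deposit path uses only the hardened formula; checked arithmetic in 0.8.x
    /// reverts on overflow, and the dust guard rejects deposits that round to zero.
    function deposit(uint256 amount) external returns (uint256 shares) {
        require(amount > 0, "zero deposit");
        shares = sharesFor(amount);
        require(shares > 0, "dust");
        require(collateral.transferFrom(msg.sender, address(this), amount), "transfer");
        totalSupply += shares;
        balanceOf[msg.sender] += shares;
        emit Minted(msg.sender, amount, shares);
    }
}
```

The check an auditor would want here is a unit test that deploys the minter against mock collateral tokens with 6, 8 and 18 decimals and asserts the invariant `sharesFor(amount) * WAD == normalised(amount) * priceWad` for each, plus a fuzz run over `amount` confirming that shares minted never exceed the collateral's value at `priceWad`. A formula that only passes with one collateral precision is the usual sign of a scaling factor being applied in the wrong place.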

Coinbase Users Targeted in $45 Million Phishing Surge

  • Significant Losses: The first week of May 2025 brought concerning reports of a significant increase in successful phishing and social engineering attacks targeting Coinbase users.
  • Analyst Report: On-chain security analyst ZachXBT, a well-respected figure in the crypto security community, reported that over $45 million was illicitly obtained from Coinbase users during this seven-day period.
  • Nature of Social Engineering: These types of attacks differ fundamentally from direct smart contract exploits, focusing instead on manipulating individuals into divulging sensitive information, such as private keys, or coercing them into signing malicious transactions through sophisticated psychological tactics and impersonation.
  • Targeting High-Value Accounts: The fact that such a substantial amount was reportedly stolen from a relatively small number of victims suggests that attackers are often targeting higher-value accounts.
  • Mitigation Strategies: Addressing this requires a multi-faceted approach, including robust security awareness education for users, the implementation of advanced security features by exchanges, and the widespread adoption of best practices for private key management, such as the use of multi-signature (Multisig) or multi-party computation (MPC) wallets, as well as the secure offline storage provided by cold wallets.

Scrutiny on Market Makers: Incidents Involving Movement and Mantra

  • Market Maker Practices: The month of May 2025 brought increased scrutiny to the practices of crypto market makers following notable incidents involving Movement Labs’ MOVE token and Mantra’s OM token.
  • Movement Labs Incident: Movement Labs, an Ethereum layer-2 project, experienced significant turmoil shortly after the public launch of its MOVE token. Reports indicated that a market maker, Web3Port, allegedly dumped a large quantity of MOVE tokens onto the market, contributing to a significant price decline and subsequent exchange delistings. The situation raised serious questions about the nature of the agreements and potential insider dealings.
  • Mantra Incident: Separately, Mantra, a project focused on Real World Assets (RWA) and DeFi, saw its OM token experience a dramatic and rapid price decrease following reports of a substantial amount of tokens being moved to exchanges prior to the price collapse, raising concerns about potential market manipulation or insider activity.
  • Need for Transparency: These incidents underscore the potential for significant market volatility and the importance of thorough due diligence when evaluating new projects and understanding the role of market makers in maintaining liquidity and price stability. They also highlight the need for clear and transparent communication from projects regarding their tokenomics and market-making strategies.

Ransomware Group LockBit Reports Being Hacked

These events from late April and early May 2025 provide valuable insights into the multifaceted security challenges and ongoing dynamics within the cryptocurrency and blockchain ecosystem. They emphasise the continuous need for innovation in security technologies, robust development practices, comprehensive user education, and increased transparency across the industry to foster greater trust and resilience.

Since 2017, Extropy has been at the forefront of blockchain security, auditing smart contracts across Ethereum and Zero-Knowledge (ZK) protocols. We have collaborated with leading ecosystems, including Base, Starknet, and MINA, ensuring their smart contracts are resilient, efficient, and secure.

We specialize in DeFi, on-chain games, and ZK applications, leveraging formal verification, static analysis, and deep manual reviews to uncover vulnerabilities before they become exploits. Whether you’re working with Solidity, Rust, Cairo, or zkVMs, our collaborative approach ensures your project meets the highest security standards.

- Website: security.extropy.io

- Email: info@extropy.io

Get in touch today — let’s build safer smart contracts together!


Written by Extropy.IO

Oxford-based blockchain and zero knowledge consultancy and auditing firm
