MAPO Token Crashes 96% Following Massive Quadrillion Token Minting Attack
The malicious actor exploited the Butter Network cross-chain bridge to generate millions of additional tokens far exceeding MAPO's legitimate circulating supply.
Map Protocol's native cryptocurrency MAPO experienced a devastating 96% price collapse on Wednesday following a security breach of the Butter Network cross-chain bridge, which enabled a threat actor to generate a quadrillion MAPO tokens.
The unauthorized minting operation produced tens of thousands of times more tokens than the legitimate token supply, causing MAPO's value to plummet from approximately $0.003 to $0.0001 within just a few hours, data from CoinGecko shows.
The perpetrator leveraged a newly created externally-owned account (EOA) to sell approximately one billion MAPO tokens, extracting roughly 52 ETH valued at approximately $180,000 from Uniswap liquidity pools while maintaining control of nearly a trillion tokens that pose ongoing risks to additional pools and prospective exchange listings, according to a Wednesday report from Blockaid.
This recent security breach arrives during a month that has witnessed no fewer than 18 DeFi and blockchain protocols falling victim to exploits, among them THORChain, Verus Protocol's Ethereum bridge, Transit Finance, TrustedVolumes, Ekubo, Echo Protocol and RetoSwap.
Map Protocol indicated the vulnerability originated in the Solidity contract layer, and the project has suspended mainnet operations and initiated migration procedures while the investigation remains ongoing. The Butter Network announced it has halted ButterSwap, emphasizing that user funds were not compromised.
In its most recent communication, the Map Protocol project stated it would reveal a new contract address and determine an appropriate timing to execute an asset snapshot. "Any remaining tokens held by attacker-controlled addresses will be fully invalidated and will not be included in any future snapshot or conversion process," it said.
The MAPO attacker initially transmitted a legitimate oracle multisig-signed message prior to deploying a malicious contract at a predetermined address. The attacker subsequently retransmitted a manipulated "retry" message that presented an identical hash but was in reality fraudulent. The cross-chain bridge validated it as authentic and carried out the enormous token mint.
No private keys were compromised, and no light clients were breached; it was a traditional Solidity vulnerability involving multiple dynamic fields, Blockaid clarified.
Map Protocol is an omnichain network for swapping Bitcoin, stablecoins and tokenized assets across blockchains, connecting the Bitcoin mainnet with ecosystems such as Ethereum, BNB Chain, Tron and Solana.
TON-TAC issues a post-mortem for $2.68 million exploit
Meanwhile, the TON-TAC asset bridge, a cross-chain bridge designed as a network extension for The Open Network, published a post-mortem on Thursday detailing its $2.68 million exploit on May 11.
There has been a wave of cross-chain bridge exploits over the past few weeks, including the Verus-Ethereum Bridge, Echo Bridge, and Butter Network's cross-chain bridge.
The "security incident" resulted from missing validation in the sequencer software, which accepted a counterfeit wallet on TON that lacked proper code-hash and minter checks, leading to another unauthorized token mint.
Recovery efforts secured about 80% of the affected assets, but the bridge remains paused for an independent audit of the patched sequencer and liquidity restoration, it added.