Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

MAP Bridge Exploit: 1 Quadrillion MAPO Minted in Cross-Chain Attack

The attacker sold about 1 billion MAPO for roughly 52.21 ETH, while most of the newly minted tokens remain in the exploiter’s wallet.

Written By Iyiola Adrian Iyiola Adrian
Fact Checked by Shubham Soni Shubham Soni
Published 2026-05-21
Make The Crypto Times preferred on GoogleGoogle
Share
MAP Bridge Exploit 1 Quadrillion MAPO Minted in Cross-Chain Attack

Key Highlights

  • Attackers exploited a flaw in Butter Bridge V3.1 to mint nearly 1 quadrillion MAPO tokens.
  • The issue stemmed from a hash collision in the bridge’s retry message verification logic.
  • Around 1 billion MAPO was dumped for ~52.21 ETH (~$180K), while the attacker still holds most of the supply.

MAP Protocol and ButterNetwork confirmed today that their Butter Bridge V3.1 system on Ethereum and BNB Chain was exploited, allowing an attacker to mint nearly 1 quadrillion MAPO tokens. 

The issue was first flagged by blockchain security firm Blockaid, which reported that the attackers were able to create fake tokens and send them to a newly created wallet address without real backing.

🚨 Community alert@MapProtocol / @ButterNetworkio bridge exploited on Ethereum and Bsc.

Attacker tricked Butter Bridge V3.1 (OmniServiceProxy) into minting ~1 quadrillion MAPO — about 4.8M× the legitimate ~208M supply — directly to a brand-new EOA.

More details in🧵

— Blockaid (@blockaid_) May 20, 2026

How the attack happened

In a post on X, Blockaid said the attacker exploited a weakness in the bridge’s retry message verification process.

The bridge used a coding method called keccak256(abi.encodePacked(…)) to check data. This method joins different pieces of data together before turning them into a hash. The issue is that when multiple dynamic fields are packed this way, different arrangements of the same data can still produce the same result. This made it possible for a fake message to look exactly like a real one to the system.

“Root cause via Blockaid: an abi.encodePacked collision across dynamic-bytes fields in our bridge retry path allowed a forged retry to pass the guard check,” ButterNetwork said, confirming the issue was at the contract layer.

Root cause via @blockaid: an abi.encodePacked collision across dynamic-bytes fields in our bridge retry path allowed a forged retry to pass the guard check.

Bug sits at the Butter contract layer. Patch, audit, and redeployment are in progress.

ButterSwap remains paused until… https://t.co/P7bxYWYTr0

— ButterNetwork (@ButterNetworkio) May 20, 2026

The exploit took place in a sequence of steps that combined message replay and address manipulation. 

According to Blockaid, the attacker first initiated a legitimate MAP→ETH bridge message that was signed through oracle and multisig validation. That message was sent to a precomputed contract address that had no code deployed at the time, causing the bridge to store it as a retry entry.

After that, the attacker created a new contract at the same address. This is possible in blockchain systems under certain conditions. Once the contract was in place, the attacker ran the retry function again but changed the structure of the message data. 

Even though the structure was changed, the final encoded result still looked the same to the system. Because of this match, the system believed the message was valid. It passed all checks and allowed the attacker to mint around 10 to 15 MAPO tokens in one go. 

Large dump into liquidity pools

After minting the tokens, the attacker quickly started selling them. On-chain data shows about 1 billion MAPO was dumped into a Uniswap V4 pool paired with ETH. This caused a loss of around 52.21 ETH, which is about $180,000 at the time. The sudden sale also disturbed the liquidity pool balance.

Blockaid said the attacker still holds about 999.999 billion MAPO tokens. This large amount is still sitting in their wallet, which means there is ongoing risk. If the attacker sells more tokens, it could further crash the price or affect other trading pools and exchanges.

Response from teams

ButterNetwork said the vulnerability was caused by a smart contract design issue rather than a protocol-level failure. The team stated that patching and redeployment are already in progress. 

“Bug sits at the Butter contract layer. Patch, audit, and redeployment are in progress,” the protocol posted on X. It has also paused all operations while the investigation continues.

The team also said user funds are safe and that pending swaps will be completed once everything is secure again. MAP Protocol also warned users not to trade MAPO tokens on Uniswap for now because liquidity pools are still at risk.

Broader DeFi context

The incident adds to a growing list of DeFi exploits in 2026. Just last week, Huma Finance was exploited for about 101,400 USDC. Earlier the same day, INK Finance reportedly suffered a separate breach involving about $140,000 in losses. 

Other protocols, including Kelp DAO, Drift Protocol, and Hyperbridge, have also been targeted this year.

In fact, funds stolen so far in DeFi-related protocols in different exploits and hacks this year alone would be estimated to be over half a billion dollars, with most cases linked to smart contract logic errors rather than direct blockchain attacks.

Also Read: Echo Exploit Hacker Moves $821K Through Tornado After eBTC Mint

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Iyiola Adrian
By Iyiola Adrian
Follow:
Iyiola Adrian is a Crypto Analyst at The Crypto Times, based in Lagos, Nigeria. He covers daily cryptocurrency market developments, including Bitcoin and Ethereum price action, altcoin movements, on-chain trends, and fact-check reports on circulating market claims. His analysis emphasizes how African and emerging-market investor behavior interacts with global crypto flows. Before joining The Crypto Times, Iyiola was a contributor at CoinCodex, where he focused on long-form crypto analysis, project reviews, and biographical research on industry figures. He has been writing on digital asset markets continuously since 2022, and his expertise spans market research, chart pattern analysis, technical indicators, and fundamental valuation across the crypto sector. Iyiola holds a Bachelor's degree in Civil Engineering from the Federal University Oye-Ekiti, Nigeria, and is currently pursuing a Master's in Business Administration at Afe Babalola University, Nigeria.
Shubham Soni
By Shubham Soni
Follow:
Shubham Soni is the Editor at The Crypto Times, based in Ujjain, Madhya Pradesh. He oversees the editorial desk, reviewing daily news coverage of cryptocurrency markets, US and Indian regulation, institutional adoption, the Solana ecosystem, AI agents, and Real World Assets (RWAs). All policy and markets coverage at The Crypto Times passes through his desk before publication. Before joining The Crypto Times in October 2025, Shubham managed news desks at Sportskeeda and Opoyi, covering global politics, sports, and entertainment for high-volume newsrooms serving the US and Indian markets. His four years in fast-paced newsrooms shaped his approach to fact-checking, source verification, and structural editing on complex stories. Shubham holds a Master's degree in Journalism from Makhanlal Chaturvedi National University of Journalism and Communication (Bhopal) and a Bachelor's degree in Journalism from Amity University Rajasthan. 

Latest News

Pak Deputy PM Ishaq Dar's Relative Arrested in Crypto Extortion Case
Pak Deputy PM Ishaq Dar’s Relative Arrested in Crypto Extortion Case
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era 
Bitcoin Miner IREN Awards Co-CEOs $700M in Stock
Bitcoin Miner IREN Awards Co-CEOs $700M in Stock

Find Us on Socials

You may also like

Aave DAO Clears stcUSD Listing for MegaETH Lending Market

Aave DAO Clears stcUSD Listing for MegaETH Lending Market 

Gnosis Pay Restores 100% User Funds After $1.8M Crypto Exploit

Gnosis Pay Restores 100% User Funds After $1.8M Crypto Exploit

Hinkal Protocol Reveals Initial Cause Behind $820K Ethereum Exploit

Hinkal Protocol Reveals Initial Cause Behind $820K Ethereum Exploit

Hinkal Protocol Exploited 450+ ETH Laundered via Tornado Cash & THORChain

Hinkal Protocol Exploited: $820K Laundered via Tornado Cash & THORChain

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information