MAP Protocol recently suffered a catastrophic security breach that resulted in the minting of one quadrillion MAPO toknes. The exploit, which targeted the Butter Bridge, caused the token's value to crash from $0.003 to $0.0001 almost instantly.

The 96% plunge to $0.0001

The sudden inflation of the MAPO supply has left the market in a state of total panic. Following the exploit, the token's price collapsed from $0.003 to a mere $0.0001, representing a 96% loss in value. This crash was driven by the minting of 1 quadrillion tokens, a figure that is nearly 5 million times larger than the protocol's original 208 million supply.

As the report indicates, the sheer volume of these new tokens effectively neutralized the token's market utility. The attacker successfully sent these minted assets to a new externally owned account (EOA), further complicating any immediate recovery efforts.

A Solidity-layer exploit via the Butter Bridge

The vulnerability was not a simple matter of a stolen private key; rather, it was a fundamental failure at the Solidity contract layer. According to the security firm Blockaid, the attacker initiated the breach by submitting a legitimate oracle multisig signed message.

The attacker then deployed a malicious contract to a specific address and resent a manipulated retry message. Because this manipulated message maintained the same hash structure as a valid one, the Butter Bridge was tricked into validating the transaction. This technical loophole allowed the attacker to bypass standard security checks and trigger the massive minting event.

A pattern of 18 DeFi breaches including THORChain

This incident is not an isolated event but part of a broader, more dangerous trend within the decentralized finance sector. The MAP Protocol exploit comes during a particularly volatile month where at least 18 different DeFi and blockchain protocols have been compromised, as reported by the source.

The vulnerability of cross-chain bridges, like the Butter Bridge, continues to be a primary target for malicious actors. This month has already seen significant hits to major players such as THORChain and RetoSwap, highlighting a systemic weakness in how different blockchain ecosystems interact.

The mystery of the trillion-token EOA

While MAP Protocol has moved to pause mainnet operations and prepare for a migration to a new contract address, several critical questions remain. The attacker currently controls close to a trillion tokens, and a billion of those have already been dumped onto the market.

It remains unclear how much of the attacker's trillion-token hoard can be blacklisted or recovered. Furthermore , the protocol has yet to announce the specific timeline or the new contract address for the upcoming migration. The market is also left wondering if the security partners involved can provide any guarantee that the new Solidity contract will be immune to similar hash-structure manipulations.