MAPO, the native token of the Map Protocol, has dropped by 96% after attackers exploited the Butter Network bridge to create a large amount of unauthorized tokens.
Summary
- MAPO dropped by 96% after attackers exploited the Butter Network bridge to create a quadrillion unauthorized tokens.
- Blockaid said the attacker withdrew about 52 ETH from Uniswap pools and continued to hold nearly a billion MAPO tokens after the exploit.
- TON TAC has recovered about 80% of the lost property in its separate $2.68 million bridge operation, although the protocol has been suspended pending an independent investigation.
According to blockchain security firm, Blockaid, the attacker accidentally created a quadrillion MAPO tokens in the Solidity bridge contract layer before dumping nearly 1 billion tokens into Uniswap’s cash pools.
The sale ended at about 52 ETH, which is estimated at about $180,000, while the attacker continues to hold close to a trillion MAPO tokens that can threaten other liquidity pools and exchange markets.
CoinGecko data showed MAPO dropping from around $0.003 to around $0.0001 within hours as exploitation exceeded the token’s circulating official supply.
Map Protocol later confirmed that the problem stems from the use of the Solidity contract rather than compromised keys or a failure in its thin client infrastructure. The operator said he stopped the mainnet and started the migration process while the investigation was ongoing.
In a follow-up statement, the team said the address of the new contract and the timeline of the stock image snapshot will be announced separately. Tokens controlled by attacker-linked wallets will be issued in future conversion events and become inactive during the migration process, according to the project.
A fake retry message triggered an unauthorized mint
Further analysis from Blockaid showed the attacker first sent a legitimate message signed with oracle multisig before issuing a malicious contract to the target address. After that, the attacker sent you a message that looks like “try again”, although the payload has been changed.
Because the bridge verified the modified retry request as authentic, the protocol used an unauthorized mint and released newly created MAPO tokens for use, according to Blockaid.
The company said the exploit was not tied to stolen keys or broken cryptographic authentication. Instead, Blockaid described the incident as “a classic Solidity vulnerability involving multiple dynamic fields.”
Cross-chain bridge exploits combined with fake or improperly authenticated messages have appeared frequently throughout the DeFi sector this year. Earlier this week, the Verus Protocol Ethereum bridge lost more than $11.5 million after attackers allegedly used fake cross-chain transfer instructions to extract stored assets from the protocol.
At the time, Blockaid compared the Verus incident to the Nomad Bridge and Wormhole exploits of 2022, where fake referral payloads reportedly tricked protocols into withdrawing funds. ExVul later said that the Verus exploit appeared to involve a fraudulent import shipment that bypassed authentication checks within the bridge system.
GoPlus Security has separately stated that the Verus exploit may be linked to various message authentication failures, a bypass revocation problem, or access control weaknesses.
TON-TAC bridge recovers 80% of stolen goods
Elsewhere in the cross-bridge sector, TON-TAC, a bridge built as an extension of The Open Network, published an autopsy report on Thursday that included its $2.68 million exploit since May 11.
According to this project, the incident stems from the loss of validation checks within the sequencing software. A fake TON wallet without proper hashcode and minter verification is reported to have been accepted by the system, resulting in another unauthorized mint token.
TON-TAC said recovery operations have protected about 80% of the affected assets. However, the bridge remains suspended while an independent audit reviews the patchy tracking infrastructure and refund process.
The Map Protocol acts as an omnichain network that connects Bitcoin and ecosystems including Ethereum, BNB Chain, Tron, and Solana through the transfer of various assets including Bitcoin, stablecoins, and token assets.
Meanwhile, attacks targeting interoperability infrastructure have continued to increase across financial sectors. Alongside the MAPO exploit, protocols such as THORChain, Transit Finance, TrustedVolumes, Echo Protocol, Ekubo, and RetoSwap have also reported security incidents in recent weeks.
