Hackers Exploit Butter Network Bridge to Mint Massive MAPO Supply

The Map Protocol’s MAPO token suffered a catastrophic breach when attackers exploited a flaw in the Butter Network cross‑chain bridge. By submitting a legitimate oracle‑signed message and then replaying a manipulated “retry” transaction, the malicious contract convinced the bridge to mint a quadrillion MAPO tokens—far exceeding the legitimate supply. The attacker quickly moved roughly one billion of those tokens onto Uniswap, draining about 52 ETH, valued at roughly $180,000, and causing the token’s price to tumble from $0.003 to $0.0001 within hours. The sudden oversupply flooded liquidity pools and shattered confidence in the protocol’s smart‑contract integrity.

This incident adds to an alarming wave of DeFi bridge compromises that have hit at least 18 projects this month, including THORChain and Verus Protocol. Cross‑chain bridges are attractive targets because they sit at the intersection of multiple blockchains, requiring complex validation logic that is prone to subtle Solidity bugs. The MAPO exploit underscores the systemic risk that a single vulnerability can pose to an entire ecosystem, threatening not only token holders but also the broader decentralized finance market. Investors are increasingly demanding rigorous third‑party audits and formal verification before deploying bridge contracts.

Map Protocol’s immediate response—pausing the mainnet, suspending ButterSwap, and planning a contract migration with a snapshot—demonstrates a growing recognition that swift containment is essential. However, fully invalidating the attacker’s remaining tokens will require coordinated action from exchanges and liquidity providers. Regulators may soon scrutinize bridge security standards, pushing the industry toward standardized testing frameworks and insurance solutions. For developers, the lesson is clear: dynamic field handling and message replay protection must be baked into bridge designs, and continuous monitoring is vital to prevent future minting exploits.