The cryptocurrency market witnessed another major security breach this week after the MAPO token collapsed by 96% following an exploit tied to the Butter Network cross-chain bridge. The incident resulted in the unauthorized minting of a quadrillion MAPO tokens, flooding the market with a supply vastly larger than the legitimate circulating amount and causing severe disruption across decentralized finance ecosystems connected to ETH and other blockchains.
According to blockchain security researchers, the exploit enabled the attacker to generate tens of thousands of times more MAPO tokens than the official supply. As panic selling intensified, the price of the Map Protocol token dropped from nearly $0.003 to around $0.0001 within hours, based on market tracking data from CoinGecko.
Attacker Drains ETH From Liquidity Pools
The attack primarily targeted the Butter Network bridge infrastructure, a cross-chain protocol associated with Map Protocol. Security platform Blockaid reported that the exploiter used a newly created externally-owned account (EOA) to offload approximately one billion MAPO tokens into decentralized exchanges.
During the process, the attacker reportedly drained nearly 52 ETH from Uniswap liquidity pools, an amount valued at roughly $180,000 at the time of the incident. Despite the liquidation of a portion of tokens, blockchain analysts noted that the attacker still retained close to a trillion MAPO tokens.
Those remaining holdings continue to create risks for additional liquidity pools and potential exchange listings linked to the Map Protocol token ecosystem. The sudden flood of tokens severely impacted market confidence and highlighted ongoing vulnerabilities within cross-chain bridge infrastructure.
MAPO Exploit Adds to Growing List of DeFi Attacks
The exploit comes during an already damaging month for decentralized finance projects. Reports indicate that at least 18 DeFi and blockchain protocols have been compromised in recent weeks.
Among the affected projects are THORChain, Verus Protocol, Transit Finance, TrustedVolumes, Ekubo, Echo Protocol, and RetoSwap.
The repeated attacks have intensified concerns surrounding interoperability protocols, especially those handling assets across ETH, Bitcoin, and other blockchain ecosystems. Cross-chain bridges remain frequent targets because of the complexity involved in validating transactions between multiple networks.
Map Protocol Pauses Mainnet Operations
In response to the breach, Map Protocol confirmed that the vulnerability originated in the Solidity contract layer. The project announced that it had paused its mainnet and initiated a migration process while the investigation continues.
Butter Network also suspended ButterSwap operations, although the team stated that user funds were not directly at risk.
In its latest statement, the Map Protocol team said it would announce a new contract address and later conduct an asset snapshot. The project added that “any remaining tokens held by attacker-controlled addresses will be fully invalidated and will not be included in any future snapshot or conversion process.”
Blockchain data further revealed that approximately one billion MAPO tokens were transferred to Uniswap shortly after the quadrillion-token mint occurred.
How the MAPO Mint Exploit Happened
Security researchers later outlined how the attack unfolded. According to Blockaid, the attacker initially submitted a legitimate oracle multisig-signed message before deploying a malicious smart contract at a carefully chosen address.
The exploiter then resent a modified “retry” message that appeared identical in transaction hash but had actually been manipulated. Because the cross-chain bridge incorrectly verified the altered message as authentic, the system approved the minting of the massive MAPO supply.
Researchers stressed that no private keys were stolen and no light clients were compromised during the attack. Instead, the incident was described as a “classic Solidity vulnerability involving multiple dynamic fields.”
The exploit once again demonstrated how weaknesses in smart contract validation can place both MAPO and ETH liquidity ecosystems at risk.
