An attacker cracked the Butter Bridge V3.1 on May 20 using a flaw most Solidity developers know to avoid. The result: roughly 1 quadrillion MAPO tokens minted out of thin air, 4.8 million times the legitimate supply of 208 million.

The exploit hit simultaneously on Ethereum and BSC. Within hours, the MAPO token price had collapsed from approximately $0.003 to around $0.00009 at the low, before a partial recovery brought it to near $0.0020 by May 21, per on-chain data tracked at the time of publication.

The Flaw No One Should Miss

Security firm Blockaid was first to flag the attack publicly. As Blockaid posted on X, the attacker tricked the Butter Bridge V3.1 OmniServiceProxy contract into minting approximately 1 quadrillion MAPO directly to a brand-new externally owned account.

“Attacker tricked Butter Bridge V3.1 (OmniServiceProxy) into minting ~1 quadrillion MAPO — about 4.8M× the legitimate ~208M supply — directly to a brand-new EOA.”

The technical root cause is not glamorous. Blockaid later detailed the suspected cause on X, explaining that the bridge’s retry message path authenticated cross-chain messages using keccak256(abi.encodePacked(...)) over four consecutive dynamic-bytes fields.

“abi.encodePacked has no length prefixes, so the field boundaries aren’t encoded — different field allocations can pack to the identical byte string and therefore the identical keccak.”

That is a documented Solidity pitfall, not an exotic zero-day. When multiple dynamic-length fields are packed together without length prefixes, the same concatenated byte string can be split into fields in more than one way, so two different messages produce the identical hash. The bridge could not tell them apart.

The attacker ran a three-step sequence to exploit it. First, a legitimate oracle-and-multisig-signed MAP-to-ETH message was sent to a precomputed contract address that had no deployed code yet. The bridge stored it as a failed retry commitment. Second, the attacker deployed the exploit contract at that exact same address. Third, a retry call with rearranged field boundaries produced a byte string that hashed identically to the planted message. The guard passed. The bridge minted 10^15 MAPO to the attacker’s wallet.

The exploit transaction is recorded on Etherscan. The attacker’s address and the exploit contract are both publicly traceable. The target token contract remains on Etherscan with the abnormal supply visible.

No private keys were taken. No light client was broken. The MAP Protocol mainnet consensus was not touched.

Snapshot, Migration, and What Holders Actually Face

MAP Protocol acknowledged the incident on X, confirming the team was coordinating with external security partners and that the bridge between MAPO ERC-20 and mainnet MAPO was paused.

“Team is aware and coordinating with external security partners on investigation and containment. The bridge between MAPO ERC-20 and mainnet MAPO is paused.”

A warning followed quickly. MAP Protocol posted on X urging holders to stop swapping MAPO ERC-20 on Uniswap entirely, stating pools remained at risk while mitigation was in progress.

“User warning: do not swap MAPO ERC-20 on Uniswap at this time. Token contract: 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 — Pools remain at risk while incident mitigation is in progress.”

The scope widened. MAP Protocol later announced on X that conversion services for MAPO on the original ERC-20 contract address across both BSC and Ethereum were suspended, with all relevant exchanges notified to disable deposits and withdrawals.

“Users are strongly advised not to trade MAPO tokens associated with the original BSC and Ethereum ERC20 contract address 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 on decentralized exchanges, including Uniswap, PancakeSwap, or any other platforms.”

That leaves retail MAPO holders in a defined holding pattern. A new contract address will be announced, and a pre-attack snapshot will determine who qualifies for the migration. Any MAPO minted abnormally after the attack, any assets held in attacker-linked wallets, and any tokens purchased on DEXs after the exploit began will be excluded from that snapshot, according to the full official statement published by MAP Protocol on Medium.

The preliminary safe snapshot heights have been set: Ethereum at the last safe block before the abnormal message-planting transaction, and BSC at the last safe block before the abnormal supply change. Anyone who bought MAPO after those points on a DEX is taking on real risk that those tokens may not count.

A Flaw That Was Already Known

MAP Protocol’s most recent X post confirmed the official statement, noting the flaw in Butter Bridge V3.1 was exploited on May 20, resulting in unauthorized MAPO minting on Ethereum and BSC, while mainnet consensus and light client verification were not affected.

The risk that Blockaid described is not new to Solidity developers. Using abi.encodePacked on multiple dynamic fields to produce a verification hash is a known footgun flagged in Ethereum development documentation. The consequence of getting it wrong, in a bridge context, is exactly what happened here: a hash collision that lets an attacker pass off a forged message as a verified one.

The attacker extracted approximately 52.2 ETH, worth around $110,000, by swapping portions of the inflated supply and draining over $180,000 in liquidity from Uniswap pools before the price collapsed, according to on-chain data tracked by Blockaid at the time of the incident. Most of the minted tokens remain in the attacker’s wallet untouched.

Butter Bridge has reportedly patched the vulnerability. A full security review of the affected message-processing path is ongoing, with external security firms still working alongside the MAP Protocol team.

Users are advised to rely only on MAP Protocol’s official channels for snapshot timing, new contract details, and migration arrangements.