May 20 Bridge Exploit Mints 1 Quadrillion Fake MAPO Tokens, Attacker Extracts ~52.21 ETH

MAP Protocol’s Ethereum-based MAPO token was hit by an apparent bridge exploit on May 20 that minted 1 quadrillion unauthorized tokens and sent them to a wallet later identified on Etherscan as “MAP/Butter Bridge Exploiter 1.” An Ethereum transaction at 04:13:59 UTC shows the mint assigned the tokens to address 0x40592025392BD7d7463711c6E82Ed34241B64279. The transaction record for hash 0x31e56b4737649e0acdb0ebb4eca44d16aeca25f60c022cbde85f092bde27664a includes the line: “Transfer 1,000,000,000,000,000 MAPO to 0x40592025392BD7d7463711c6E82Ed34241B64279.” Etherscan lists the affected ERC-20 contract, 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99, as MAP Protocol / MAPO, matching CoinGecko’s Ethereum contract listing for the token. The attacker then sold part of the counterfeit supply into Uniswap-linked liquidity and extracted about 52.21004794 ETH, based on the exploiter wallet’s on-chain activity.

The immediate effect was to flood the Ethereum version of MAPO with fake supply. Etherscan showed the token’s total and max supply ballooning after the mint, while the exploiter wallet still held nearly all of the inflated supply after unloading a portion. MAPO fell sharply in the aftermath, though token trackers and market data were also distorted by the sudden supply shock. At the same time, Butter Bridge and related swap services were reported paused, and users were warned not to trade the affected ERC-20 MAPO on Uniswap while the incident was investigated.

Crypto security monitors and industry outlets, citing firms including PeckShield and Blockaid, described the episode as an unauthorized mint tied to a bridge exploit. Reporting on the technical cause summarized it as a bridge validation or retry-flow bug in Butter Bridge V3.1, rather than a stolen private key. Some social media posts and secondary reports circulated more dramatic claims about the price damage, but the available evidence supports a sharp drop, not one clean and authoritative figure for a 96% collapse tied to the initial exploit.

MAP Protocol is a cross-chain, or “omnichain,” network that provides infrastructure for moving assets between blockchains. Its Butter Bridge and ButterSwap services are used to move MAPO across networks including Ethereum, BNB Chain and the MAP Relay Chain. That context makes the size of the exploit especially striking: MAP Protocol documentation has referenced a designed maximum supply of 10 billion MAPO, while the unauthorized mint on Ethereum created 1,000,000,000,000,000 tokens in a single transaction. Even though the attacker appears to have extracted only a relatively modest amount of ETH before liquidity constraints limited further sales, the counterfeit mint was large enough to disrupt price discovery and basic supply metrics.

What remains unclear is also important. The available research does not verify claims that MAP Protocol paused its mainnet or began a token migration, and this article does not treat those assertions as established fact. It also does not conclude that other chains were affected beyond the confirmed Ethereum token contract. As of Thursday morning UTC, the verified on-chain picture is narrower but still serious: a bridge-related exploit minted an enormous amount of fake MAPO on Ethereum, some of it was dumped into decentralized exchange liquidity, and the project’s bridge and swap infrastructure was reported paused while the incident was examined.