Key Takeaways
MAP Protocol’s native token, MAPO, fell nearly 30% after an attacker exploited its cross-chain bridge on May 20, 2026, minting 1 quadrillion unauthorized tokens and draining significant liquidity from decentralized exchanges.
The incident was first highlighted by security firm PeckShield, which identified a vulnerability in the Butter Bridge V3.1’s OmniServiceProxy contract. “The attacker triggered the mint via a spoofed cross-chain message on the Butter Bridge, directing 1 quadrillion MAPO from the zero address to a new wallet,” PeckShield posted on X.
On-chain data shows the exploiter swapped the illicitly minted tokens to extract approximately 52.2 ETH, worth around $110,000, and pulled over $180,000 in liquidity from Uniswap pools. The massive dilution caused the MAPO token price to collapse from approximately $0.003 to $0.001558 in the immediate aftermath, according to CoinGecko data.
The exploit highlights the persistent security risks in cross-chain infrastructure, a sector that has lost billions to similar attacks. By pausing the bridge, MAP Protocol is following a standard industry playbook to contain the damage, but the incident raises questions about the security of its verification model, which is designed to be more secure than typical multi-signature bridges.
The MAP Protocol incident is the latest in a string of exploits targeting cross-chain bridges and protocols with administrative key vulnerabilities. Earlier in the week, Echo Protocol suffered a similar attack where a compromised admin key led to the unauthorized minting of 1,000 eBTC, resulting in losses of approximately $816,000.
These events recall some of the largest bridge hacks in crypto history, including the 2022 Nomad Bridge exploit where an authentication error led to over $186 million in losses. Bridges are prime targets because they hold large pools of assets to back tokens on other chains. Compromising the bridge’s logic allows attackers to either drain these locked funds or, as in this case, mint an almost infinite supply of unbacked tokens.
MAP Protocol, a Bitcoin Layer-2 and omnichain interoperability project, uses light clients and Multi-Party Computation (MPC) for cross-chain verification. This method is theoretically more secure than relying on a small group of trusted validators. However, the flaw in the Butter Bridge’s message validation system exposed a critical gap. The project team has paused the affected bridge but has not yet released a formal post-mortem or detailed remediation plan.
For investors, the immediate impact is the inability to transfer MAPO between Ethereum and the MAPO mainnet. The broader concern is the erosion of trust in the protocol and the stability of its token, as most of the quadrillion newly minted tokens remain in the attacker's wallet, posing a significant overhang on the market.
This article is for informational purposes only and does not constitute investment advice.
