Audit log

Every state-changing event for MAP Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-25 18:02:39Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,118,098

   sig

   Z48VpqjhPyFk…etnmY4WEcopyexplorer ↗

   hash

   64MDFtEFNjwu…m3xEkzcvcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (21044 B) ▸

   {"actor":"system:backfill","investigation_id":"c3471167-cfde-4e37-9f7d-3d306fedd061","kind":"publish","page_slug":"map-protocol","published_at":"2026-05-25T18:02:39.335Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"MAP Protocol","sections":[{"content":"On May 21, 2026, MAP Protocol's Butter Bridge V3.1 cross-chain infrastructure was exploited by an attacker who minted approximately 1,000,000,000,000,000 (one quadrillion) MAPO tokens on the Ethereum and BNB Chain deployments. This quantity was approximately 4.8 million times the legitimate circulating supply of roughly 208 million tokens. The exploit was first flagged by blockchain security firm Blockaid, with subsequent analysis provided by PeckShield and independent researchers.\n\nThe attacker's wallet (0x40592025392BD7d7463711c6E82Ed34241B64279) executed the following steps: (1) submitted a legitimate MAP-to-ETH bridge message that passed oracle and multisig validation, directing it to a precomputed contract address where no code was yet deployed, causing the bridge to store it as a retry entry; (2) deployed a malicious exploit contract (0x2475396A308861559EF30dc46aad6136367a1C30) to that same precomputed address; (3) called the bridge's retryMessageIn function with restructured message data that produced the identical 601-byte keccak256(abi.encodePacked(...)) hash — a classic Solidity ambiguity that arises when multiple dynamic-length fields are packed without explicit length separators. The bridge validated the forged message as authentic and executed the mint.\n\nThe exploit transaction is recorded on-chain at 0x31e56b4737649e0acdb0ebb4eca44d16aeca25f60c022cbde85f092bde27664a. PeckShield traced the vulnerability to the OmniServiceProxy contract within Butter Bridge V3.1, characterizing it as exposing gaps in message validation despite the presence of oracle and multisig safeguards. ButterNetwork subsequently confirmed the vulnerability resided at the Butter contract layer rather than at the underlying MAP Protocol relay chain level.","heading":"Critical Security Incident: Butter Bridge V3.1 Exploit (May 21, 2026)","severity":"critical","sources":[{"credibility":2,"name":"MAP Bridge Exploit: 1 Quadrillion MAPO Minted in Cross-Chain Attack — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/21/map-bridge-exploit-1-quadrillion-mapo-minted-in-cross-chain-attack/"},{"credibility":2,"name":"One Hash Collision Just Wiped Out 96% of MAPO - Here Is What Happened — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/one-hash-collision-just-wiped-out-96-of-mapo-here-is-what-happened/"},{"credibility":2,"name":"1 Quadrillion MAPO Minted: Bridge Exploit Crashes Token — BeInCrypto","type":"news_article","url":"https://beincrypto.com/1-quadrillion-mapo-minted-bridge-exploit-crashes-token/"},{"credibility":2,"name":"MAPO Token Crashes 96% After Cross-Chain Bridge Exploit — The Cyber Express","type":"news_article","url":"https://thecyberexpress.com/mapo-token-crash/"}]},{"content":"The exploit produced an immediate and severe market impact. MAPO's price fell approximately 96% from around $0.003 to approximately $0.0001 within hours of the attack, with the market capitalization falling below $1 million. The attacker converted approximately 1 billion of the quadrillion minted tokens on decentralized exchanges via a newly created externally-owned account, extracting approximately 52.2 ETH (valued at roughly $110,000) and withdrawing approximately $180,000 in liquidity from Uniswap liquidity pools, for a combined extraction of approximately $290,000. The vast majority of the quadrillion minted tokens — estimated at roughly 999.999 trillion MAPO — remained in attacker-controlled wallets following the price collapse, rendering them effectively illiquid due to the token's near-total value destruction. This large attacker-held supply constitutes an ongoing obstacle to any price recovery, as any resumption of trading exposes the market to potential further dumping. All legitimate holders who did not sell prior to the collapse experienced near-total loss of value on their positions.","heading":"Financial Impact and Token Price Collapse","severity":"critical","sources":[{"credibility":2,"name":"Map Protocol token MAPO plunges 96% after exploit mints quadrillion tokens — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/mapo-token-plunges-96-bridge-exploit/"},{"credibility":2,"name":"1 Quadrillion MAPO Minted: Bridge Exploit Crashes Token — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/1-quadrillion-mapo-minted-bridge-170335985.html"},{"credibility":2,"name":"MAPO Plummets After Bridge Exploit — CoinInsider","type":"news_article","url":"https://www.coininsider.com/news/mapo-plummets-after-butter-bridge-exploit"}]},{"content":"The root cause of the exploit is a well-documented class of Solidity vulnerability arising from the use of keccak256(abi.encodePacked(...)) with multiple dynamic-length arguments. When variable-length types such as bytes or string are packed together without explicit length separators, different arrangements of data can produce identical byte strings and thus identical hashes. The Solidity documentation and Ethereum security literature have long flagged this pattern as unsafe when applied to dynamic types. In the Butter Bridge V3.1 implementation, the OmniServiceProxy contract authenticated cross-chain message retries by hashing four dynamic contract fields together using this pattern. The attacker demonstrated that rearranging the field boundaries while preserving the total byte content produced the same 601-byte encoded string and thus the same keccak256 digest, satisfying the bridge's validation check with a forged message. The exploit was not a flash loan attack, a reentrancy attack, or an oracle manipulation — it was a pure smart contract logic flaw in the message verification path. Security researchers characterized this as a failure of the bridge's retry path validation specifically, noting that the initial oracle and multisig signing mechanisms functioned as intended; the vulnerability was introduced in the downstream retry handling logic.","heading":"Technical Vulnerability Analysis: abi.encodePacked Hash Collision","severity":"critical","sources":[{"credibility":2,"name":"One Hash Collision Just Wiped Out 96% of MAPO - Here Is What Happened — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/one-hash-collision-just-wiped-out-96-of-mapo-here-is-what-happened/"},{"credibility":2,"name":"MAP Bridge Exploit: 1 Quadrillion MAPO Minted in Cross-Chain Attack — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/21/map-bridge-exploit-1-quadrillion-mapo-minted-in-cross-chain-attack/"},{"credibility":2,"name":"Crypto Bridge Exploits Hit $328.6M in May as PeckShield Tracks 8 Major Incidents — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/crypto-bridge-exploits-328-million-may-2026-peckshield/"}]},{"content":"Following detection of the exploit, MAP Protocol paused the bridge connecting MAPO ERC-20 tokens on Ethereum to the native MAPO mainnet. ButterSwap operations were also suspended. The team issued a statement indicating that a patch, independent audit, and redeployment were in progress, and asserted that user funds were safe and that pending swaps would be completed once the platform was secured. MAP Protocol also publicly warned holders against trading MAPO on Uniswap due to ongoing liquidity pool risks stemming from the attacker's remaining token holdings. The team announced preparations for a broader recovery and migration plan for legitimate holders, including deployment of a new token contract and a blockchain snapshot to separate authentic balances from attacker-generated tokens. Users were advised to revoke unnecessary wallet approvals and await official recovery instructions through verified channels. As of the time of initial reporting, no formal post-mortem, timeline for redeployment, or compensation plan with specific financial commitments had been published. The bridge remained paused pending completion of the independent audit.","heading":"Protocol Response and Operational Status","severity":"high","sources":[{"credibility":2,"name":"MAP Protocol pauses bridge between MAPO ERC-20 and mainnet after exploit — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/map-protocol-pauses-bridge-exploit/"},{"credibility":2,"name":"Butter Bridge Hack Mints 1 Quadrillion MAPO Tokens — The Currency Analytics","type":"news_article","url":"https://thecurrencyanalytics.com/defi/butter-bridge-hack-mints-1-quadrillion-mapo-tokens-wiping-out-nearly-a-third-of-token-value-259299"}]},{"content":"PeckShield documented the MAP Protocol exploit as among eight major cross-chain bridge incidents occurring during May 2026, with cumulative losses across all incidents reaching $328.6 million. The broader pattern included a $300 million exploit of KelpDAO's LayerZero V2 rsETH route and an approximately $11.5 million exploit of the Verus-Ethereum bridge. April 2026 was characterized by Chainalysis as crypto's most-hacked month on record, with approximately 30 separate incidents at a pace of nearly one per day. Security researchers have noted that cross-chain bridges represent a structurally elevated attack surface because they must validate state transitions across multiple heterogeneous chains simultaneously, creating multiple points of failure. Vitalik Buterin had previously flagged this architectural risk in a widely cited 2022 commentary. The Butter Bridge V3.1 exploit is consistent with a pattern of attackers specifically targeting bridge retry and message relay pathways, which typically receive less rigorous auditing attention than primary bridging flows.","heading":"Broader Industry Context: Bridge Exploit Wave of May 2026","severity":"high","sources":[{"credibility":2,"name":"Crypto Bridge Exploits Hit $328.6M in May as PeckShield Tracks 8 Major Incidents — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/crypto-bridge-exploits-328-million-may-2026-peckshield/"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"DeFi Bridge Hack Losses Top $328.6 Million This Year — Bloomingbit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/112727"}]},{"content":"MAP Protocol was founded in the summer of 2019 by a team including co-founder James Zheng (known publicly as James XYC), with a stated mission to build a cross-chain peer-to-peer payment infrastructure. The team initially developed MAP Protocol v1.0 as a cross-chain solution based on light-client verification without a relay chain. Following expansion of the development team in 2021, the project developed MAP Protocol v2.0, which introduced a MAP Relay Chain with precompiled smart contracts, Messengers for cross-chain message relay, Light-clients for verification, and Vaults for asset management. The project raised a reported total of $1 million across two seed funding rounds, with investors including SBVA, according to funding tracking sources. The MAPO token serves as the native currency of the MAP Protocol mainnet, with a maximum supply of 10 billion tokens. An ERC-20 version (MAP) bridges to the mainnet at a 1:1 ratio via the Butter Bridge infrastructure. Prior to the exploit, reported circulating supply figures varied across sources, with some citing approximately 208 million tokens and others citing a significantly higher circulating supply of approximately 5.75 billion. This discrepancy has not been publicly reconciled by the team. No SEC or other regulatory filings have been identified for MAP Protocol, consistent with its operation as a decentralized protocol outside traditional securities frameworks.","heading":"Project Background and Token Economics","severity":"medium","sources":[{"credibility":2,"name":"MAP Protocol — Official Website","type":"official","url":"https://www.mapprotocol.io/"},{"credibility":2,"name":"MAP Protocol Funding Rounds & Investors — CryptoRank","type":"research","url":"https://cryptorank.io/ico/map-protocol"},{"credibility":2,"name":"MAP Protocol — RootData Project Profile","type":"research","url":"https://www.rootdata.com/Projects/detail/MAP%20Protocol?k=MzA1"},{"credibility":2,"name":"MAP Protocol Price — CoinMarketCap","type":"other","url":"https://coinmarketcap.com/currencies/map-protocol/"}]},{"content":"The mint of 1 quadrillion MAPO tokens by an attacker created an extreme and potentially irrecoverable supply distortion. Even if MAP Protocol deploys a new token contract and conducts a snapshot-based migration for legitimate holders, the attacker retains approximately 999.999 trillion tokens on-chain as of post-exploit reporting. Any token migration that does not include on-chain invalidation of the attacker-held supply — or that relies on the attacker's non-participation — carries residual risk. MAP Protocol stated that it would deploy a new token contract and use a snapshot to separate legitimate balances from attacker-generated tokens; however, the technical mechanism for rendering the attacker's holdings valueless under the new contract was not detailed in initial reports. Holders of the pre-exploit MAPO token on exchanges or in self-custody wallets face uncertainty about whether, and on what terms, they will receive equivalent value under any replacement token. The bridge between MAPO ERC-20 (Ethereum) and the MAPO mainnet remained paused at the time of reporting, creating additional liquidity and convertibility risk for holders on either chain.","heading":"Token Supply Integrity and Recovery Risk","severity":"high","sources":[{"credibility":2,"name":"MAPO Token Crashes 96% After Cross-Chain Bridge Exploit — The Cyber Express","type":"news_article","url":"https://thecyberexpress.com/mapo-token-crash/"},{"credibility":2,"name":"Map Protocol token MAPO plunges 96% after exploit mints quadrillion tokens — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/mapo-token-plunges-96-bridge-exploit/"},{"credibility":2,"name":"MAP Protocol pauses bridge between MAPO ERC-20 and mainnet after exploit — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/map-protocol-pauses-bridge-exploit/"}]}],"sources_used":[{"credibility":2,"name":"MAP Bridge Exploit: 1 Quadrillion MAPO Minted in Cross-Chain Attack — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/21/map-bridge-exploit-1-quadrillion-mapo-minted-in-cross-chain-attack/"},{"credibility":2,"name":"Map Protocol token MAPO plunges 96% after exploit mints quadrillion tokens — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/mapo-token-plunges-96-bridge-exploit/"},{"credibility":2,"name":"1 Quadrillion MAPO Minted: Bridge Exploit Crashes Token — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/1-quadrillion-mapo-minted-bridge-170335985.html"},{"credibility":2,"name":"MAP Protocol pauses bridge between MAPO ERC-20 and mainnet after exploit — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/map-protocol-pauses-bridge-exploit/"},{"credibility":2,"name":"MAPO Token Crashes 96% After Cross-Chain Bridge Exploit — The Cyber Express","type":"news_article","url":"https://thecyberexpress.com/mapo-token-crash/"},{"credibility":2,"name":"1 Quadrillion MAPO Minted: Bridge Exploit Crashes Token — BeInCrypto","type":"news_article","url":"https://beincrypto.com/1-quadrillion-mapo-minted-bridge-exploit-crashes-token/"},{"credibility":2,"name":"One Hash Collision Just Wiped Out 96% of MAPO - Here Is What Happened — Live Bitcoin News","type":"news_article","url":"https://www.livebitcoinnews.com/one-hash-collision-just-wiped-out-96-of-mapo-here-is-what-happened/"},{"credibility":2,"name":"Butter Bridge Hack Mints 1 Quadrillion MAPO Tokens — The Currency Analytics","type":"news_article","url":"https://thecurrencyanalytics.com/defi/butter-bridge-hack-mints-1-quadrillion-mapo-tokens-wiping-out-nearly-a-third-of-token-value-259299"},{"credibility":2,"name":"MAPO Plummets After Bridge Exploit — CoinInsider","type":"news_article","url":"https://www.coininsider.com/news/mapo-plummets-after-butter-bridge-exploit"},{"credibility":2,"name":"Crypto Bridge Exploits Hit $328.6M in May as PeckShield Tracks 8 Major Incidents — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/crypto-bridge-exploits-328-million-may-2026-peckshield/"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"MAP Protocol — Official Website","type":"official","url":"https://www.mapprotocol.io/"},{"credibility":2,"name":"MAP Protocol Funding Rounds & Investors — CryptoRank","type":"research","url":"https://cryptorank.io/ico/map-protocol"},{"credibility":2,"name":"MAP Protocol Price — CoinMarketCap","type":"other","url":"https://coinmarketcap.com/currencies/map-protocol/"},{"credibility":2,"name":"MAP Protocol — RootData Project Profile","type":"research","url":"https://www.rootdata.com/Projects/detail/MAP%20Protocol?k=MzA1"},{"credibility":2,"name":"DeFi Bridge Hack Losses Top $328.6 Million This Year — Bloomingbit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/112727"}],"summary":"MAP Protocol is a cross-chain omnichain infrastructure project founded in 2019, issuing the MAPO token and operating the Butter Bridge for cross-chain asset transfers. On May 21, 2026, an attacker exploited an abi.encodePacked hash-collision vulnerability in Butter Bridge V3.1's retry-message path, minting approximately 1 quadrillion MAPO tokens — roughly 4.8 million times the legitimate circulating supply — causing a 96% token price collapse and extracting approximately $290,000 in combined ETH and liquidity. MAP Protocol subsequently paused all bridge operations and announced plans to patch, audit, and redeploy the bridge infrastructure.","timeline":[{"date":"2019-07-01","event":"MAP Protocol founded in summer 2019 with mission to build cross-chain peer-to-peer payment infrastructure.","source":"MAP Protocol Developer Docs / Official Website","source_url":"https://www.mapprotocol.io/"},{"date":"2021-01-01","event":"MAP Protocol v2.0 development begins following expansion of the team; introduces MAP Relay Chain, Messengers, Light-clients, and Vaults.","source":"MAP Protocol History Documentation","source_url":"https://www.mapprotocol.io/"},{"date":"2026-05-21","event":"Attacker exploits abi.encodePacked hash-collision vulnerability in Butter Bridge V3.1 OmniServiceProxy contract on Ethereum and BNB Chain, minting approximately 1 quadrillion MAPO tokens. Exploit transaction: 0x31e56b4737649e0acdb0ebb4eca44d16aeca25f60c022cbde85f092bde27664a. Attacker wallet: 0x40592025392BD7d7463711c6E82Ed34241B64279.","source":"Live Bitcoin News / BeInCrypto","source_url":"https://www.livebitcoinnews.com/one-hash-collision-just-wiped-out-96-of-mapo-here-is-what-happened/"},{"date":"2026-05-21","event":"Attacker converts approximately 1 billion MAPO tokens into roughly 52.2 ETH (~$110,000) and withdraws approximately $180,000 in Uniswap liquidity, for combined proceeds of approximately $290,000. MAPO price collapses approximately 96% from ~$0.003 to ~$0.0001.","source":"Crypto Times / Crypto Briefing","source_url":"https://www.cryptotimes.io/2026/05/21/map-bridge-exploit-1-quadrillion-mapo-minted-in-cross-chain-attack/"},{"date":"2026-05-21","event":"Security firm Blockaid first flags the exploit. PeckShield subsequently confirms and traces vulnerability to Butter Bridge V3.1 OmniServiceProxy contract. MAP Protocol pauses MAPO ERC-20 to mainnet bridge and suspends ButterSwap operations.","source":"Crypto Briefing / BeInCrypto","source_url":"https://cryptobriefing.com/map-protocol-pauses-bridge-exploit/"},{"date":"2026-05-21","event":"ButterNetwork confirms vulnerability is at the Butter contract layer and states: 'Patch, audit, and redeployment are in progress.' MAP Protocol warns users against trading MAPO on Uniswap.","source":"Crypto Times","source_url":"https://www.cryptotimes.io/2026/05/21/map-bridge-exploit-1-quadrillion-mapo-minted-in-cross-chain-attack/"},{"date":"2026-05-21","event":"PeckShield identifies this as part of a broader wave of eight bridge exploits in May 2026 totaling $328.6 million in cumulative losses across the DeFi ecosystem.","source":"Bitcoin.com News","source_url":"https://news.bitcoin.com/crypto-bridge-exploits-328-million-may-2026-peckshield/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision c7d7d5d2-1e09-4c06-977d-56773049fda4copy