Blockchain security firm Hacken has confirmed a significant exploit involving unauthorized minting of HAI tokens on both Ethereum and BNB Chain, resulting in approximately $250,000 in losses.
The breach occurred on June 21, when a compromised private key allowed an attacker to mint 900 million HAI tokens. These tokens were quickly offloaded on decentralized exchanges, triggering a sharp collapse in the token’s value.
According to Hacken, the private key was exposed during ongoing architectural upgrades to its blockchain bridge infrastructure—an effort intended to improve security. Unfortunately, during this transition, a key tied to a contract with minting privileges was inadvertently compromised.
Hacken explained that its bridge, which enables token transfers between networks like Ethereum and BNB Chain, was originally developed in a vastly different market and technical environment. “Redesigning a deployed bridge requires migrating contracts—a legally and technically complex process,” the company noted in its post-mortem.
In response to the breach, Hacken revoked access to the compromised minter contract and paused all bridge transactions across Ethereum and BNB Chain. Despite these measures, the attacker succeeded in extracting around $250,000 in liquidity, although their ability to cash out further was hampered by low market depth.
Users have been advised to steer clear of the HAI token until further notice, with Hacken warning that any airdrop offers circulating online are fraudulent.
Taking responsibility for the breach, Hacken CEO Dyma Budorin cited the lack of a multisig setup for the bridge as a key failure. He emphasized that the company’s core infrastructure remains secure and unaffected.
Budorin also announced that any HAI tokens purchased on Ethereum or BNB Chain after the exploit will not be supported in the project’s upcoming tokenomics overhaul. A snapshot of user balances has been taken, with a migration plan to be announced soon.
Looking ahead, Hacken plans to restructure HAI into a regulated financial asset, blending token utility with equity ownership. Budorin said the incident has accelerated plans to transition HAI into a security token representing equity in the company.
HAI’s market value plummeted nearly 99% following the exploit, falling from $0.015 to $0.000056 before partially rebounding to $0.00967 at the time of writing.
As previously highlighted in a 2024 Hacken report, access control vulnerabilities—such as private key leaks—were the top cause of crypto hacks this year, accounting for 78% of total losses.
