Hacken bridge exploited for $250k HAI token following private key leak

Blockchain security auditor Hacken has confirmed a major exploit involving unauthorized HAI token minting on Ethereum and BNB Chain.

On June 21, a compromised private key allowed a malicious actor to mint 900 million HAI tokens, which were subsequently dumped on decentralized exchanges.

According to Hacken, the private key was compromised while the company was making architectural changes to its blockchain bridge infrastructure. These updates were intended to enhance security, but during the process, a key linked to a contract with minting privileges was exposed.

Hacken’s blockchain bridge, which is designed to facilitate token transfers between networks like Ethereum and BNB Chain, was built at a time “when the market and tech looked very different,” the firm said in its post-incident update.

“Redesigning a deployed bridge means migrating contracts — a complex legal and technical process,” it added.

In response, Hacken revoked the affected minter account’s access and paused bridge transactions across both Ethereum and BNB Chain. 

Nevertheless, the attacker managed to walk away with an estimated $250,000 in realized losses, though their ability to offload more was limited by low liquidity.

The team has urged users to avoid interacting with the token until further notice and warned that any airdrop claims circulating online are scams.

Following the incident, Hacken CEO Dyma Budorin acknowledged responsibility, stating that the lack of a multisig bridge infrastructure contributed to the breach. He reassured community members that Hacken’s core infrastructure remains secure and unaffected.

Budorin also announced that tokens purchased on Ethereum and BNB Chain after the hack would not be supported in the project’s upcoming tokenomics update. A snapshot has been taken to track legitimate user balances, with a migration path to be announced.

In the long term, Hacken aims to restructure HAI into a regulated financial instrument combining token utility with equity rights. Budorin said the breach has accelerated plans to convert HAI into a security token representing Hacken equity.

HAI’s value plunged nearly 99% following the breach, dropping from $0.015 to $0.000056 before partially recovering to $0.00967 at the time of writing.

As previously reported by crypto.news, a Hacken report last year found that access control vulnerabilities, including private key leaks, were the leading cause of crypto hack losses in 2024, accounting for 78% of total damages.