Attackers exploited a flaw in the Butter Network cross‑chain bridge to mint roughly 1 quadrillion unauthorized MAPO (~4.8 million × the legitimate ~208M supply). The attacker dumped ~1 billion tokens into Uniswap liquidity, draining ~52 ETH (~$180k), and still holds close to a trillion MAPO that could put other markets at risk. Blockaid traced the root cause to an abi.encodePacked collision across multiple dynamic-bytes fields in the bridge retry path (a Solidity contract-layer bug) rather than stolen keys. Map Protocol paused mainnet, initiated a migration and said attacker-controlled tokens will be excluded from conversion. Separately, TON‑TAC recovered ~80% of assets after a separate $2.68M bridge exploit but remains paused pending an independent audit.

Summary facts: exploit minted ~1 quadrillion unauthorized MAPO (~4.8M× legitimate supply), attacker dumped ~1B into Uniswap draining ~52 ETH, attacker still holds ~1 trillion MAPO, Blockaid identified a solidity abi.encodePacked collision as the bug (not key theft), Map Protocol paused mainnet and started a migration excluding attacker-held tokens; TON‑TAC recovery and pause noted.