MAP Protocol (@MapProtocol) - Twitter Profile | Zamantika Mersobahis Locabet

Pinned Tweet

MAP Protocol has suspended the conversion service between MAPO tokens on the original ERC20 contract address 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 across the BSC and Ethereum networks and MAPO on the MAP Protocol mainnet. All relevant exchanges have also been notified to disable deposits and withdrawals for these tokens. Users are strongly advised not to trade MAPO tokens associated with the original BSC and Ethereum ERC20 contract address 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 on decentralized exchanges, including Uniswap, PancakeSwap, or any other platforms. The project team will announce a new contract address in due course and will select an appropriate time to conduct an asset snapshot. Any remaining tokens held by attacker-controlled addresses will be fully invalidated and will not be included in any future snapshot or conversion process. Please refer only to official announcements for the snapshot timing, new contract information, and subsequent arrangements. Users are advised to remain patient and avoid taking any action through unofficial channels.

English

2

5

8

2.5K

MAP Protocol@MapProtocol·8h

@PeckShieldAlert Thanks for tracking, @peckshield. Team has been coordinating with exchanges and partners since the incident. Official statement on next steps, snapshot plan, and new contract: x.com/MapProtocol/st…

MAP Protocol@MapProtocol

MAP Protocol has suspended the conversion service between MAPO tokens on the original ERC20 contract address 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 across the BSC and Ethereum networks and MAPO on the MAP Protocol mainnet. All relevant exchanges have also been notified to disable deposits and withdrawals for these tokens. Users are strongly advised not to trade MAPO tokens associated with the original BSC and Ethereum ERC20 contract address 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 on decentralized exchanges, including Uniswap, PancakeSwap, or any other platforms. The project team will announce a new contract address in due course and will select an appropriate time to conduct an asset snapshot. Any remaining tokens held by attacker-controlled addresses will be fully invalidated and will not be included in any future snapshot or conversion process. Please refer only to official announcements for the snapshot timing, new contract information, and subsequent arrangements. Users are advised to remain patient and avoid taking any action through unofficial channels.

English

0

221

PeckShieldAlert@PeckShieldAlert·9h

#PeckShieldAlert The @MapProtocol exploiter swapped 1B ethereum:0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 for 52.21 $ETH ($111.51K), depositing it into #Tornadocash. They are still holding 999,999,000,000,000 ethereum:0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 as the token has dropped -97%

PeckShield Inc.@peckshield

Hi @mapprotocol, you may want to take a look: huge amount 1,000,000,000,000,000 of $MAP0 were minted: etherscan.io/tx/0x31e56b473…

English

6

7

42

4.3K

MAP Protocol@MapProtocol·16h

User warning: do not swap MAPO ERC-20 on Uniswap at this time. Token contract: 0x66d79b8f60ec93bfce0b56f5ac14a2714e509a99 Pools remain at risk while incident mitigation is in progress.

English

3

4

6

2.2K

MAP Protocol@MapProtocol·16h

Root cause via @blockaid: abi.encodePacked collision across dynamic-bytes fields in the bridge retry path. Scope: ✓ Light client verification: unaffected ✓ Oracle multisig: not compromised ✓ MAPO token contract: unaffected Bug sits at the Solidity contract layer. Mitigation continues.

Blockaid@blockaid_

🔎 Suspected root cause - TL;DR The bridge authenticates cross-chain message retries with keccak256(abi.encodePacked(...)) over four consecutive dynamic-bytes fields (initiator, from, to, swapData). abi.encodePacked has no length prefixes, so the field boundaries aren't encoded - different field allocations can pack to the identical byte string and therefore the identical keccak. The attacker: 1) Originated a real, oracle-multisig-signed MAP→ETH message to a precomputed CREATE address. Destination had no code yet → bridge cached a "NotContract" retry commitment. 2) Deployed the exploit contract at that exact address. 3) Called retryMessageIn with rearranged bytes-field boundaries that pack to the IDENTICAL 601-byte string as the planted message → same keccak → guard passes → bridge mints 10^15 MAPO (~4.8M× supply) to attacker. Not a key compromise, not a light-client bug, not a MAPO bug. Pure Solidity abi.encodePacked footgun on multiple dynamic-bytes fields.

English

2

7

11

3.5K

MAP Protocol@MapProtocol·17h

Scammers are likely to exploit this moment. The team will never DM you first, ask for seed phrases, or request wallet signatures for "recovery."

English

0

2

1

1.1K

MAP Protocol@MapProtocol·17h

Thanks for surfacing this. Team is aware and coordinating with external security partners on investigation and containment. The bridge between MAPO ERC-20 and mainnet MAPO is paused. More updates as soon as we have them.

Blockaid@blockaid_

🚨 Community alert @MapProtocol / @ButterNetworkio bridge exploited on Ethereum and Bsc. Attacker tricked Butter Bridge V3.1 (OmniServiceProxy) into minting ~1 quadrillion MAPO — about 4.8M× the legitimate ~208M supply — directly to a brand-new EOA. More details in🧵

English

4

6

8

3.9K

MAP Protocol@MapProtocol·23h

Official MAP Protocol channels: • Telegram: t.me/MAPprotocol • Website: mapprotocol.io • Docs: docs.mapprotocol.io • Explorer: maposcan.io Anything outside these isn’t us. Team will never DM first.

English

1

3

6

1.7K

MAP Protocol@MapProtocol·1d

🎈🎈

TokenPocket@TokenPocket_TP

🎈Balloon

QME

1

11.3K

MAP Protocol@MapProtocol·3d

Clean animation. Appreciate the vibes! 🔥

Luxy@marluxies

my 4th art! @MapProtocol

English

1

3

6

11.1K

MAP Protocol@MapProtocol·5d

Happy Friday, MAPO fam⛓️ May your weekend be smooth, your gas low, and your chains many 🫶💜🔗

English

2

6

11.6K

MAP Protocol@MapProtocol·13 May

Five reasons, zero fluff.

Luxy@marluxies

5 Reasons to pick @MapProtocol 💙 anyway this is my another work for Map Protocol!

English

1

2

9.9K

MAP Protocol@MapProtocol·12 May

Clean motion. Brand-tight. Thanks for the art!

Muvesovee@muvesovee

The future is cross-chain. 🌐 Exploring seamless interoperability with MAP Protocol. $MAP #MAPProtocol #Omnichain #Web3

English

1

7

10.2K

MAP Protocol@MapProtocol·10 May

Happy Mother's Day. To the moms in this space, holding down families and still showing up for the build, we see you. 💐

English

2

3

7

10K

MAP Protocol@MapProtocol·8 May

The MAP Telegram just got an upgrade. /ask: questions about the protocol, staking, ecosystem /trends: what the community's buzzing about /discuss: jump into a fresh thread AI agent, live now 👇 t.me/MAPprotocol

English

1

2

3

11.5K

MAP Protocol@MapProtocol·7 May

POV: cross-chain showed up to the Met 💜

English

2

3

6

19.4K

MAP Protocol@MapProtocol·6 May

💜 My first omnichain infrastructure for BTC, stablecoins, and tokenized assets swap

English

1

3

11

24.9K

MAP Protocol@MapProtocol·5 May

MAP Protocol Weekly Stats 🟪 Cross-chain volume: $18,603,109.43 🟪 Cross-chain transactions: 10,046 tx 🟪 Protocol fees generated: • Base: $3,907.68 • Protocol: $2,242.45 • Vault: $2,242.45 • Affiliate: $33,415.55 Dahsboard: maposcan.io

English

2

5

21.5K

MAP Protocol

Discover