QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$253 000 USD
JUNE 2025
GLOBAL
HACKEN CLUB
DESCRIPTION OF EVENTS
Hacken is a leading blockchain security auditor with over seven years of experience, offering trusted services to more than 1,500 clients across Web3, government, and enterprise sectors. With a team of over 60 top-tier engineers and ISO 27001 certification, Hacken provides a wide array of security solutions, including smart contract audits, blockchain protocol reviews, penetration testing, tokenomics audits, and proof of reserves verification. Their rigorous processes and double-review systems help crypto projects identify vulnerabilities and maintain security resilience.
Clients span TradFi and DeFi sectors, Layer 1 and Layer 2 protocols, and centralized exchanges. Notable partnerships include CoinGecko, Binance, Near, Aurora, Gate.io, and VeChain. Hacken’s clients consistently praise the company for its professionalism, communication, and security insights. The firm also operates HackenProof, a bug bounty platform engaging thousands of ethical hackers to crowdsource penetration testing.
Led by experienced professionals—many with Big Four auditing backgrounds—Hacken blends traditional financial expertise with Web3 innovation. Co-founder Dyma Budorin founded Hacken in 2017 with a mission to bring trust and ethics to a rapidly evolving crypto space. Today, Hacken has over 100 team members in 21+ countries and continues to expand its ecosystem with products and thought leadership through blogs and case studies.
A human error during architectural changes resulted in the exposure of the private key for the $HAI token.
The recent attack on Hacken's $HAI token infrastructure appears to stem from a compromised private key associated with the deployer wallet used for bridge operations between the Ethereum and BNB networks. This private key compromise allowed the attacker unauthorized access, enabling them to mint a massive 900 million $HAI tokens across both networks. The root cause has been linked to weaknesses in the security architecture of the original bridge deployment, which lacked modern safety standards and relied on an outdated design due to its early development phase.
Once the attacker gained control of the deployer wallet, they executed multiple minting transactions to inflate the token supply illegitimately. On the BNB Chain, they were able to convert a portion of the illicitly minted tokens—approximately $253,000—into liquid assets. The limited liquidity in the $HAI pools restricted the attacker’s ability to extract more funds, containing some of the damage. Verified transactions showing these mint events can be found on both BscScan and Etherscan.
According to Rekt News, "a compromised private key opened the door to a $170K drain and a 99% collapse in token value."
However, Cyvers Alert reports the "attacker was only able to swap approximately $253K", which is a larger sum.
Hacken reported the amount as approximately $250k.
In response, Hacken paused all bridge contracts connecting Ethereum, BNB Chain, and VeChain to prevent further unauthorized activity. The incident highlighted the critical need for architectural upgrades in bridge infrastructure, especially around private key management and contract migration processes.
A dedicated team, separate from Hacken’s active security service units, has been tasked with redesigning the bridge architecture to harden it against similar attacks in the future.
The bridge remains disabled, and a structural overhaul is underway to plug vulnerabilities related to private key custody, contract deployments, and bridge migration processes.
The attacker was only able to swap about $253K worth of HAI on BNB before liquidity dried up, and there’s no indication of any successful recovery of those stolen assets at this point.
There haven’t been any new reports of funds being recovered or additional losses disclosed beyond the initially scoped ~$253K that the attacker managed to swap on the BNB network.
Updates are expected as the investigation continues and remediation progresses.
Hacken is a leading blockchain security auditor with over seven years of experience and ISO 27001 certification, serves more than 1,500 clients across Web3, government, and enterprise sectors. Recently, a human error during bridge architectural changes led to the compromise of a private key linked to $HAI token bridge operations between Ethereum and BNB networks. This breach allowed an attacker to mint 900 million tokens and swap approximately $250K worth on BNB Chain and Ethereum before liquidity constraints limited further theft. Hacken promptly paused the bridge, assigned a separate team to redesign its architecture, and continues investigating, with no reported recovery of stolen funds yet.
Hacken - Rekt (Jun 25)
Peckshield - "It seems $HAI is hacked, resulting in price crash" - Twitter/X (Jun 25)
Cyvers Alerts - "ALERT Today, @hackenclub appears to have suffered a security breach across $BNB and $ETH networks. The deployer wallet of the $HAI token seems to be compromised, allowing the attacker to transfer funds. Root cause seems to be private key linked to the bridge deployment." - Twitter/X (Jun 25)
Transaction Mints 497,973,284.2 $HAI Token - BSCScan (Jun 25)
Transaction Mints 251,013,357.88407039 $HAI Token - BSCScan (Jun 25)
Transaction Mints 125,506,678.942 $HAI Token - BSCScan (Jun 25)
Transaction Mints 8,771,108.30625513 $HAI Token - Etherscan (Jun 25)
Hacken Club - "We are investigating a security incident involving the unauthorized minting of HAI tokens on Ethereum and BNB Chain, caused by a compromised private key linked to the bridge deployment." - Twitter/X (Jun 25)
RektHQ - "A security firm forgot its own security. @hackenclub $HAI token got nuked after a bridge key leak let an attacker mint 900M tokens and dump $250K. 99% crash, KuCoin KYC twist, and a tokenomics pivot no one asked for. They wrote the report - and lived it." - Twitter/X (Jun 25)
Hacken Homepage (Jun 25)
Hacken Club - "All legit holders of the $HAI token will have an option to swap later. We will share more details on our official channels as soon as possible." - Twitter/X (Jun 25)
