Hacken $HAI Token Minting Hyperinflation Private Key Breach

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Hacken, a leading blockchain security auditor with over seven years of experience and ISO 27001 certification, serves more than 1,500 clients across Web3, government, and enterprise sectors. Recently, a human error during bridge architectural changes led to the compromise of a private key linked to $HAI token bridge operations between Ethereum and BNB networks. This breach allowed an attacker to mint 900 million tokens and swap approximately $250K worth on BNB Chain and Ethereum before liquidity constraints limited further theft. Hacken promptly paused the bridge, assigned a separate team to redesign its architecture, and continues investigating, with no reported recovery of stolen funds yet.[1][2][3][4][5][6][7][8][9][10][11]

About Hacken Club

Hacken is a leading blockchain security auditor with over seven years of experience, offering trusted services to more than 1,500 clients across Web3, government, and enterprise sectors. With a team of over 60 top-tier engineers and ISO 27001 certification, Hacken provides a wide array of security solutions, including smart contract audits, blockchain protocol reviews, penetration testing, tokenomics audits, and proof of reserves verification. Their rigorous processes and double-review systems help crypto projects identify vulnerabilities and maintain security resilience.

Clients span TradFi and DeFi sectors, Layer 1 and Layer 2 protocols, and centralized exchanges. Notable partnerships include CoinGecko, Binance, Near, Aurora, Gate.io, and VeChain. Hacken’s clients consistently praise the company for its professionalism, communication, and security insights. The firm also operates HackenProof, a bug bounty platform engaging thousands of ethical hackers to crowdsource penetration testing.

Led by experienced professionals—many with Big Four auditing backgrounds—Hacken blends traditional financial expertise with Web3 innovation. Co-founder Dyma Budorin founded Hacken in 2017 with a mission to bring trust and ethics to a rapidly evolving crypto space. Today, Hacken has over 100 team members in 21+ countries and continues to expand its ecosystem with products and thought leadership through blogs and case studies.

The Reality

A human error during architectural changes resulted in the exposure of the private key for the $HAI token.

What Happened

A compromised private key linked to Hacken’s bridge deployment allowed an attacker to mint 900 million $HAI tokens, resulting in a theft of approximately $253K.

Key Event Timeline - Hacken $HAI Token Minting Hyperinflation Private Key Breach

| Date | Event | Description |
|---|---|---|
| June 20th, 2025 3:23:44 PM MDT | First BNB Transaction | The first attack transaction, minting on the Binance Smart Chain. |
| June 20th, 2025 3:25:23 PM MDT | Ethereum Transaction | An attack on Ethereum, minting more $HAI tokens. |
| June 20th, 2025 3:38:59 PM MDT | Another BNB Transaction | Another attack on Binance Smart Chain. |
| June 20th, 2025 3:47:53 PM MDT | Yet Another BNB Transaction | Yet another attack on Binance Smart Chain. |
| June 20th, 2025 5:06:00 PM MDT | PeckShield Triggers Alert | PeckShield triggers an alert, warning of a "price crash" because the $HAI token "is hacked". |
| June 21st, 2025 3:57:00 AM MDT | Hacken Club Posts Notice | Hacken Club posts to announce an ongoing investigation into a security incident involving unauthorized minting of HAI tokens on Ethereum and BNB Chain, traced to a compromised private key tied to the bridge deployment. As a precaution, the ETH↔️VET and BSC↔️VET bridges have been temporarily paused. Users holding HAI on either network are advised not to initiate bridge transactions until further notice. The team will provide updates as the investigation continues. |
| June 21st, 2025 4:24:00 AM MDT | Cyvers Alert Issued | Blockchain security firm Cyvers issues a security alert about a major breach involving @hackenclub, affecting both the BNB and Ethereum networks. The deployer wallet of the $HAI token was reportedly compromised, likely due to a private key leak linked to the bridge deployment. The attacker minted 900 million $HAI tokens and managed to swap around $253K on BNB before being limited by low liquidity. In response, the team has paused all bridge contracts and urges users to avoid interacting with them. |
| June 21st, 2025 12:12:00 PM MDT | Update From Hacken Club | Hacken Club provides an update following the recent security breach, calling it a pivotal moment for the $HAI token. The team reaffirms its long-term vision to evolve $HAI into a regulated financial instrument with integrated equity rights, planning a major merger with Hacken equity shareholders valued at over $100M. They acknowledge outdated bridge architecture and cite delayed migration due to legal uncertainties around token-equity integration. A dedicated team is now leading a full bridge redesign to prevent similar exploits, while broader industry analysis is underway. Stricter security protocols are being implemented, and product development—including new utility features—remains on track. |
| June 24th, 2025 3:07:00 PM MDT | Rekt News Publishes | Rekt News publishes an article about the incident, exploring the irony of a leading blockchain security firm, Hacken, falling victim to a basic security failure—a leaked bridge private key left on a forgotten DigitalOcean server. The breach, which enabled an attacker to mint 900 million $HAI tokens and drain around $170K, triggered a catastrophic 99% token value crash. Rekt criticizes Hacken's failure to implement long-overdue multisig protections and highlights the contradiction between their own warnings about access control risks and the preventable nature of the incident. While Hacken scrambles to reframe the disaster as part of a strategic shift toward regulated equity-token integration, the article questions whether a security firm that couldn’t secure itself can still be trusted to protect others. |

Technical Details

The recent attack on Hacken's $HAI token infrastructure appears to stem from a compromised private key associated with the deployer wallet used for bridge operations between the Ethereum and BNB networks. This private key compromise allowed the attacker unauthorized access, enabling them to mint a massive 900 million $HAI tokens across both networks. The root cause has been linked to weaknesses in the security architecture of the original bridge deployment, which lacked modern safety standards and relied on an outdated design due to its early development phase.

Once the attacker gained control of the deployer wallet, they executed multiple minting transactions to inflate the token supply illegitimately. On the BNB Chain, they were able to convert a portion of the illicitly minted tokens—approximately $253,000—into liquid assets. The limited liquidity in the $HAI pools restricted the attacker’s ability to extract more funds, containing some of the damage. Verified transactions showing these mint events can be found on both BscScan and Etherscan.
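The mint events described above are visible on-chain as ERC-20 Transfer logs whose sender is the zero address, so a monitor can flag abnormal issuance within minutes. The following is an added example, not code from Hacken or from this repository; the token decimals, alert threshold, window length, starting supply, addresses and timestamps are assumptions or constructed values, and only the three large amounts come from the BNB Chain mint references.

```python
from decimal import Decimal

# keccak256("Transfer(address,address,uint256)"): the standard ERC-20 event signature
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO = "0x" + "00" * 32                  # 'from' == address(0) marks a mint
HOLDER = "0x" + "00" * 12 + "ab" * 20    # constructed holder address
DECIMALS = 8                             # assumption, not taken from the page
ALERT_RATIO = Decimal("0.01")            # assumption: alert above 1% of supply per window
WINDOW = 3600                            # assumption: one-hour sliding window (seconds)

def make_log(ts, sender, tokens):
    """Build a constructed Transfer log in the shape an RPC node returns."""
    raw = int(Decimal(tokens) * 10 ** DECIMALS)
    return {"timestamp": ts, "topics": [TRANSFER_TOPIC, sender, HOLDER],
            "data": "0x" + format(raw, "064x")}

def decode_mint(log):
    """Return the minted amount in whole tokens, or None if the log is not a mint."""
    topics = [t.lower() for t in log["topics"]]
    if len(topics) != 3 or topics[0] != TRANSFER_TOPIC or topics[1] != ZERO:
        return None
    return Decimal(int(log["data"], 16)) / Decimal(10) ** DECIMALS

def scan(logs, supply_before):
    """Return one alert per mint that pushes the window total above ALERT_RATIO."""
    alerts, window = [], []
    for log in sorted(logs, key=lambda entry: entry["timestamp"]):
        amount = decode_mint(log)
        if amount is None:
            continue
        now = log["timestamp"]
        window = [(t, a) for t, a in window if now - t <= WINDOW] + [(now, amount)]
        total = sum(a for _, a in window)
        if total / supply_before > ALERT_RATIO:
            alerts.append({"timestamp": now, "minted_in_window": total,
                           "ratio": total / supply_before})
    return alerts

# Constructed sample: timestamps, ordering and the starting supply are made up;
# the three large amounts are the BNB Chain mint sizes listed in the references.
SAMPLE_LOGS = [
    make_log(0, HOLDER, "1000"),                  # ordinary transfer, ignored
    make_log(100, ZERO, "50000"),                 # small mint, below threshold
    make_log(5000, ZERO, "497973284.2"),
    make_log(5915, ZERO, "251013357.88407039"),
    make_log(6449, ZERO, "125506678.942"),
]
SUPPLY_BEFORE = Decimal("1000000000")             # constructed placeholder

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS, SUPPLY_BEFORE):
        print(alert["timestamp"], alert["minted_in_window"], f"{alert['ratio']:.1%}")
```

An alert of this kind is only useful if it is wired to a response, such as paging the team that can pause the bridge contracts.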

Total Amount Lost

According to Rekt News, "a compromised private key opened the door to a $170K drain and a 99% collapse in token value."

However, Cyvers Alert reports the "attacker was only able to swap approximately $253K", which is a larger sum.

Hacken reported the amount as approximately $250k.

The total amount lost has been estimated at $253,000 USD.

Immediate Reactions

In response, Hacken paused all bridge contracts connecting Ethereum, BNB Chain, and VeChain to prevent further unauthorized activity. The incident highlighted the critical need for architectural upgrades in bridge infrastructure, especially around private key management and contract migration processes.

Ultimate Outcome

A dedicated team, separate from Hacken’s active security service units, has been tasked with redesigning the bridge architecture to harden it against similar attacks in the future.

The bridge remains disabled, and a structural overhaul is underway to plug vulnerabilities related to private key custody, contract deployments, and bridge migration processes.

Total Amount Recovered

The attacker was only able to swap about $253K worth of HAI on BNB before liquidity dried up, and there’s no indication of any successful recovery of those stolen assets at this point.

Hacken Club has promised a new token, and that legitimate holders will be able to swap for that token.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

There haven’t been any new reports of funds being recovered or additional losses disclosed beyond the initially scoped ~$253K that the attacker managed to swap on the BNB network.

Updates are expected as the investigation continues and remediation progresses.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Hacken - Rekt (Accessed Jun 25, 2025)
  2. Peckshield - "It seems $HAI is hacked, resulting in price crash" - Twitter/X (Accessed Jun 25, 2025)
  3. Cyvers Alerts - "ALERT Today, @hackenclub appears to have suffered a security breach across $BNB and $ETH networks. The deployer wallet of the $HAI token seems to be compromised, allowing the attacker to transfer funds. Root cause seems to be private key linked to the bridge deployment." - Twitter/X (Accessed Jun 25, 2025)
  4. Transaction Mints 497,973,284.2 $HAI Token - BSCScan (Accessed Jun 25, 2025)
  5. Transaction Mints 251,013,357.88407039 $HAI Token - BSCScan (Accessed Jun 25, 2025)
  6. Transaction Mints 125,506,678.942 $HAI Token - BSCScan (Accessed Jun 25, 2025)
  7. Transaction Mints 8,771,108.30625513 $HAI Token - Etherscan (Accessed Jun 25, 2025)
  8. Hacken Club - "We are investigating a security incident involving the unauthorized minting of HAI tokens on Ethereum and BNB Chain, caused by a compromised private key linked to the bridge deployment." - Twitter/X (Accessed Jun 25, 2025)
  9. RektHQ - "A security firm forgot its own security. @hackenclub $HAI token got nuked after a bridge key leak let an attacker mint 900M tokens and dump $250K. 99% crash, KuCoin KYC twist, and a tokenomics pivot no one asked for. They wrote the report - and lived it." - Twitter/X (Accessed Jun 25, 2025)
  10. Hacken Homepage (Accessed Jun 25, 2025)
  11. Hacken Club - "All legit holders of the $HAI token will have an option to swap later. We will share more details on our official channels as soon as possible." - Twitter/X (Accessed Jun 25, 2025)